Security researchers fooled Microsoft’s Windows Hello authentication system

Microsoft designed Windows Hello to be compatible with multiple brands of webcams, but a feature designed for ease of adoption may also make the technology vulnerable to attacks by bad actors. As reported by Wired, researchers from the security company CyberArk managed to fool Hello's facial recognition system using an image of the computer owner's face.

Windows Hello requires a camera with both RGB and infrared sensors, but after investigating the authentication system, the researchers found that it only processes infrared frames. To verify their findings, they created a custom USB device loaded with infrared photos of the user and RGB images of SpongeBob. Hello recognized the device as a USB camera, and the PC was successfully unlocked with only the user's infrared photo. In addition, the researchers found that they don't even need multiple IR images: a single IR frame with a black frame can unlock a Hello-protected PC.

Using this technique to break into someone's computer is very difficult to achieve in reality, because the attacker still needs an IR photo of the user. That said, it is still a weakness that can be exploited by those who are particularly motivated to infiltrate someone's computer. If technology companies want to rely more and more on biometrics and get rid of passwords as a means of authentication, they need to ensure that their authentication technology is secure. The CyberArk team chose to review Windows Hello because it is one of the most widely used passwordless authentication systems.

Microsoft has released a patch for what it calls the “Windows Hello Security Feature Bypass Vulnerability.” The tech giant also recommends turning on “Windows Hello Enhanced Sign-in Security,” which encrypts the user's facial data and stores it in a protected area.
