Vulnerability Found In Windows Hello Facial Recognition

Share post:

A potential vulnerability in Microsoft’s Windows Hello facial recognition system was recently discovered by security firm CyberArk.

Unlike Apple’s FaceID, which lets users use the feature only with cameras embedded in their latest iPhones and iPads, Hello facial recognition works with a number of third-party webcams.

By manipulating a USB webcam to deliver an image selected by attackers, researchers discovered that Windows Hello could be tricked into thinking the device owner’s face was present.

Microsoft called the vulnerability “Windows Hello security feature bypass vulnerability.” The company released patches on Tuesday which helped fix the issue.

The company also suggests that users use “Windows Hello enhanced sign-in security.”

A researcher from the security firm CyberArk, Omer Tsarfati, took a closer look at the vulnerability discovered and explained: “We tried to find the weakest point in the facial recognition and what would be the most interesting from the attacker’s perspective, the most approachable option. We created a full map of the Windows Hello facial-recognition flow and saw that the most convenient for an attacker would be to pretend to be the camera, because the whole system is relying on this input.”

For more information, read the original story in Arstechnica.



Related articles

Socket develops tool to protect developers from npm vulnerabilities

Socket, a security firm, has created a new method for protecting developers from the flaws in npm, GitHub's...

Google spots vulnerabilities in Exynos chips that could affect Androids

Google is urging Android phone owners, such as those who own Samsung, Pixel, or Vivo phones, to take...

Orlando Family Physicians agrees to settle clients affected by data breach

Orlando Family Physicians (OFP) has reached a class action settlement to resolve claims stemming from a 2021 healthcare...

FBI arrests alleged head of BreachForums criminal market

Man arrested in New York state is believed to have run one of the biggest criminal forums in

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways