Vulnerability Found In Windows Hello Facial Recognition

Share post:

A potential vulnerability in Microsoft’s Windows Hello facial recognition system was recently discovered by security firm CyberArk.

Unlike Apple’s FaceID, which lets users use the feature only with cameras embedded in their latest iPhones and iPads, Hello facial recognition works with a number of third-party webcams.

By manipulating a USB webcam to deliver an image selected by attackers, researchers discovered that Windows Hello could be tricked into thinking the device owner’s face was present.

Microsoft called the vulnerability “Windows Hello security feature bypass vulnerability.” The company released patches on Tuesday which helped fix the issue.

The company also suggests that users use “Windows Hello enhanced sign-in security.”

A researcher from the security firm CyberArk, Omer Tsarfati, took a closer look at the vulnerability discovered and explained: “We tried to find the weakest point in the facial recognition and what would be the most interesting from the attacker’s perspective, the most approachable option. We created a full map of the Windows Hello facial-recognition flow and saw that the most convenient for an attacker would be to pretend to be the camera, because the whole system is relying on this input.”

For more information, read the original story in Arstechnica.


Related articles

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace,...

Cyber Security Today, June 10, 2024 – Microsoft backs down on Recall

Microsoft backs down on Recall. Welcome to Cyber Security Today. It's Monday, June 10th, 2024. I'm Howard Solomon, contributing...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways