Microsoft designed Windows Hello to be compatible with multiple brands of webcams, but this feature, designed for easy adoption, could also leave the technology vulnerable to bad actors. As reported by Wired, researchers at the security company CyberArk succeeded in deceiving the Hello facial recognition system with images of the computer owner’s face.

Windows Hello requires the use of cameras with RGB and infrared sensors, but when examining the authentication system, the researchers found that it only processes infrared frames. To validate their results, the researchers created a custom USB device that they loaded with infrared photos of the user and RGB images of Spongebob. Hello recognized the device as a USB camera and it was successfully unlocked using only the user’s IR photos. Additionally, the researchers found they didn’t even need multiple IR images – a single IR frame with a black border can unlock a Hello-protected PC.

Break into someone’s computer …

Source link

Leave a Reply