According to cybersecurity researchers, the facial recognition system developed by Microsoft can be bypassed quite easily.
Biometric security continues to gradually spread and replace the old password. Smartphones were among the first to popularize a fingerprint sensor or facial recognition, but computers were not left out.
This is how Microsoft praised Windows Hello, a biosecurity based on facial recognition. However, since Windows has to run on many different configurations, this system will not be secure.
An infrared image is enough to deceive the system
To make Windows Hello work, your computer must have a webcam that includes an infrared sensor in addition to its main sensor, in order to provide reliable information to the system allowing the computer to be unlocked. However, it seems that Windows is not very careful about the infrared data collected.
As explained by Omar Tsarfati, Cyber Security Researcher at CyberArk Ars TechnicaHowever, the system developed by Microsoft is not as secure as thought. “We tried to find the weak point in facial recognition” He explains, specifically targeting the infrared system.
Since Windows must accommodate many different configurations, it will be enough to replace the real-time data provided by the infrared sensor with the infrared image of the owner of the device. “The easiest way for an attacker is to pretend to be the camera, because the whole system depends on his information” identifies the researcher.
However, this type of attack is not that easy. The attacker must have access to the target computer and have the correct infrared image of the device owner. That doesn’t stop Microsoft from worrying about it and calling this problem an extension Windows Hello bypasses the vulnerability While posting another security patch to plug the bug.