Sunday, October 17, 2021

Researchers bypass Windows Hello Biometrics Safeguards

Researchers have shown that it is possible to spoof and get through the Windows Hello facial recognition system used for passwordless logins on personal computers.

A vulnerability in Microsoft’s Windows 10 password-free authentication system has been uncovered that could allow an attacker to spoof an image of a person’s face to trick the facial recognition system and take control of a device.

Windows Hello uses infrared and red-green-blue (RGB) cameras to scan users’ faces and match the data obtained against a password hash for authentication.

Windows Hello is a feature in Windows 10 that allows users to authenticate themselves without a password, using a PIN code or biometric identity—either a fingerprint or facial recognition—to access a device or machine. According to Microsoft, about 85 percent of Windows 10 users use the system.

Using a single captured infrared frame and a cloned USB device, researchers at security vendor CyberArk were able to spoof a user’s visage and gain access to a PC that uses Windows Hello for Business for logins.

The Windows Hello bypass vulnerability, tracked as CVE-2021-34466, requires an attacker to have physical access to a device to exploit it, according to researchers at CyberArk Labs who discovered the flaw in March.

CyberArk believes it is also possible to create infrared frames from regular color images, using automated filters and machine learning algorithms.

Researchers have no evidence that anyone has tried or used the attack in the wild, but someone with a motive could potentially use it on a targeted espionage victim, such as “a researcher, scientist, journalist, activist or privileged user with sensitive IP on their device, for example,” according to the analysis.

Microsoft issued a patch for the flaw today, applicable to supported versions of Windows 10 32-bit and 64-bit, and for ARM64-based systems.

CyberArk researchers posted a video of a proof-of-concept (PoC) for how to exploit the vulnerability, which can be used on both the consumer version, Windows Hello, and an enterprise version of the feature called Windows Hello for Business (WHfB) that businesses use with Active Directory.

To mitigate attacks that could bypass biometric user authentication, Microsoft suggests using Enhanced Sign-In Security.

To prove the concept, the CyberArk researchers created a custom USB device that acts as a USB camera with both infrared (IR) and red-green-blue (RGB) sensors, using an evaluation board manufactured by NXP. They used this custom camera to transmit valid IR frames of the person they were targeting.

The good news for Windows Hello users is that people who use Windows Hello Enhanced Sign-in Security, a new security feature in Windows, are protected against attacks. However, it requires specialized cameras, firmware, and hardware drivers to work.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc', Priyanshu Vijayvargiya is a cybersecurity analyst, information security professional, developer, and white hat hacker.
