Friday, July 23, 2021

Researchers bypass Windows Hello Biometrics Safeguards

Must Read

TikTok patches reflected XSS bug, one-click account takeover exploit

TikTok has patched a reflected XSS security defect along with a bug leading into account takeover affecting the company's...

Plex Media servers are being actively abused for DDoS attacks

DDoS-for-hire services are actively abusing plex Media Server systems as a UDP reflection/amplification vector in Distributed Denial of Service...

Firefox ‘network partitioning’ as a new anti-tracking defense system roll out in Jan 2021

Firefox's "network partitioning" feature will roll out in v85, which is scheduled for January 2021. Firefox 85, scheduled to be...

Researchers have shown that it is possible to spoof and get through the Windows Hello facial recognition system used for passwordless logins on personal computers.

A vulnerability in Microsoft’s Windows 10 password-free authentication system has been uncovered that could allow an attacker to spoof an image of a person’s face to trick the facial recognition system and take control of a device.

Windows Hello uses infrared and red-green-blue (RGB) cameras to scan users’ faces and match the data obtained against a password hash for authentication.

Windows Hello is a feature in Windows 10 that allows users to authenticate themselves without a password, using a PIN code or biometric identity—either a fingerprint or facial recognition—to access a device or machine. According to Microsoft, about 85 percent of Windows 10 users use the system.

By using a single captured infrared frame and a cloned USB device, researchers at security vendor CyberArk were then able to spoof a user’s visage and gain access to a PC running Windows Hello for Business for logins.

The Windows Hello bypass vulnerability, tracked as CVE-2021-34466, requires an attacker to have physical access to a device to exploit it, according to researchers at CyberArk Labs who discovered the flaw in March.

CyberArk believes it is possible to create infrared frames through regular color images as well, through automated filters and machine learning algorithms.

Researchers have no evidence that anyone has tried or used the attack in the wild, but someone with a motive could potentially use it on a targeted espionage victim, such as “a researcher, scientist, journalist, activist or privileged user with sensitive IP on their device, for example,” according to the analysis.

Microsoft issued a patch for the flaw today, applicable to supported versions of Windows 10 32-bit and 64-bit, and for ARM64-based systems.

CyberArk researchers posted a video of a proof-of-concept (PoC) for how to exploit the vulnerability, which can be used on both the consumer version, Windows Hello, and an enterprise version of the feature called Windows Hello for Business (WHfB) that businesses use with ActiveDirectory.

To mitigate against attacks that could bypass biometric user authentication, Microsoft suggests using Enhanced Sign-In Security.

To prove the concept, they created a custom USB device that acts as a USB camera with both infrared (IR) and Red Green Blue (RGB) sensors, using an evaluation board manufactured by NXP. They used this custom camera to transmit valid IR frames of the person they were targeting.

One of the good news for Windows Hello users is that people who use Windows Hello Enhanced Sign-in Security a new security feature in Windows are protected against attacks. But it requires specialized cameras, firmware, and hardware drivers to work.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This