Fool Windows Hello with a fake camera
Windows Hello supports infrared (IR) webcams from many manufacturers, and that support creates an opening for attackers.
CyberArk security researchers have found a way to fool the Windows Hello facial recognition system on Windows. They found that Windows Hello's authentication system processes only the image data collected by the infrared sensor.
CyberArk experimented by creating a custom USB camera. They then loaded an infrared image of the user and an RGB image of the SpongeBob cartoon character into the data stream passed from the USB camera to the Windows Hello authentication system.
The system accepted this custom USB camera and even unlocked the Windows computer based on the infrared image alone, ignoring the irrelevant RGB image. The researchers even found that Windows Hello's authentication system only needed an IR frame and a black image to accept the unlock.
To exploit this vulnerability, the hacker must have at hand an infrared image of the user's face. This is difficult but not impossible. Hackers can break into the surveillance camera systems that are installed everywhere to get images of the person they want to attack.
Obviously this is a weak point in Microsoft's security system. Software giants need to make sure their authentication technology is secure as users increasingly rely on biometric security instead of passwords.
Microsoft has acknowledged that this is a vulnerability in the Windows Hello security feature. The vulnerability has been assigned the identifier CVE-2021-34466, and Microsoft is researching a fix. In the meantime, Microsoft recommends that users enable Windows Hello Enhanced Sign-in Security to stay protected.
However, CyberArk cautions users that not all devices support Windows Hello Enhanced Sign-in Security.