Researchers disclose vulnerability in Windows Hello facial recognition

Researchers at the security firm CyberArk Labs have discovered a vulnerability in Microsoft’s Windows Hello facial recognition system in Windows 10 and Windows 11. Calling it a “design flaw,” the researchers say that hackers can get around Windows Hello by using a certain type of hardware to eventually gain access to your PC.

The bypass isn’t easily accomplished (and Microsoft says it has mitigated the vulnerability); it depends on a very specific set of conditions. In all cases, hackers would need to capture an IR image of the victim’s face, have physical access to the victim’s PC, and use a custom USB device that can impersonate a camera. CyberArk Labs describes the six-part process on its website, with a video showing the proof of concept.

Per the firm, this is all possible because Windows Hello will only process IR camera frames when trying to authenticate a user. “One would need to implement a USB camera that supports RGB and IR cameras. This USB device then only needs to send genuine IR frames of the victim to bypass the login phase, while the RGB frames can contain anything,” said CyberArk’s Omer Tsarfati.

There currently is no evidence that this vulnerability has been actively used, but CyberArk Labs warns that someone with the right skills can use this to target journalists and others with sensitive content on their devices. It is also important to note that the research was done on Windows Hello for Business and not the consumer version of Windows Hello. There is still, though, the chance that this vulnerability could apply to other security systems where a third-party USB camera is used as a biometric sensor.

CyberArk Labs submitted this vulnerability to Microsoft on March 23, 2021. Microsoft acknowledged the issue a day later. Microsoft has since assigned a CVE for the issue and shared a mitigation via a security update on July 13.

According to Microsoft, this patch mitigated the issue and Windows Hello Enhanced Sign-in Security can protect against such attacks. CyberArk, though, points out that the mitigation depends on having devices with specific cameras, and that the “inherent to system design, implicit trust of input from peripheral devices remains.” An investigation is still ongoing.
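
Because the conditions described above combine physical access, a USB device presenting itself as an IR-capable camera, and a face sign-in, one detective control is to correlate those events per host. The following is an added example, not code from CyberArk, Microsoft or this article; the event schema, field names, device IDs, approved-camera inventory and 10-minute window are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized schema
# (not a real Windows log format); device IDs are made up.
EVENTS = [
    {"ts": "2021-07-20T09:00:00", "host": "ws-01", "type": "usb_camera_attached",
     "device_id": "CAM-UNKNOWN-1", "ir_capable": True},
    {"ts": "2021-07-20T09:03:00", "host": "ws-01", "type": "face_signin_success",
     "user": "alice"},
    {"ts": "2021-07-20T10:00:00", "host": "ws-02", "type": "usb_camera_attached",
     "device_id": "CAM-DOCK-7", "ir_capable": True},
    {"ts": "2021-07-20T10:01:00", "host": "ws-02", "type": "face_signin_success",
     "user": "bob"},
    {"ts": "2021-07-20T11:00:00", "host": "ws-03", "type": "usb_camera_attached",
     "device_id": "CAM-UNKNOWN-2", "ir_capable": True},
    {"ts": "2021-07-20T11:30:00", "host": "ws-03", "type": "face_signin_success",
     "user": "carol"},
    {"ts": "2021-07-20T12:00:00", "host": "ws-04", "type": "usb_camera_attached",
     "device_id": "CAM-UNKNOWN-3", "ir_capable": False},
    {"ts": "2021-07-20T12:02:00", "host": "ws-04", "type": "face_signin_success",
     "user": "dave"},
]

TRUSTED_CAMERAS = {"CAM-DOCK-7"}   # assumed inventory of approved external cameras
WINDOW = timedelta(minutes=10)     # assumed correlation window


def suspicious_face_signins(events, trusted=TRUSTED_CAMERAS, window=WINDOW):
    """Return face sign-ins that follow, within `window` on the same host,
    the attachment of an IR-capable USB camera missing from the inventory."""
    attached = {}   # host -> [(time, device_id)] for unapproved IR cameras
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "usb_camera_attached":
            if ev.get("ir_capable") and ev["device_id"] not in trusted:
                attached.setdefault(ev["host"], []).append((ts, ev["device_id"]))
        elif ev["type"] == "face_signin_success":
            devices = [d for t, d in attached.get(ev["host"], []) if ts - t <= window]
            if devices:
                alerts.append({"host": ev["host"], "user": ev["user"],
                               "ts": ev["ts"], "devices": devices})
    return alerts


if __name__ == "__main__":
    for alert in suspicious_face_signins(EVENTS):
        print(alert)
```

Only the ws-01 sign-in is flagged: ws-02 used an approved camera, ws-03 falls outside the window, and the ws-04 device does not advertise IR.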

Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…