A password will be e-mailed to you.

Microsoft Windows Hello authentication system fooled by security researchers

Windows Hello

Source: Windows Blog

Microsoft is one of the world’s biggest technology companies. It comes under the ‘Big Tech’ companies as the United States government quotes it. Microsoft’s Windows OS is the most hardware-compatible Operating System in the world and with that much power in its hands, the company must ace its security and data protection systems. Unfortunately, it doesn’t seem that way and Microsoft has been prey to multiple security breaches in the recent past, making the users worry for their data.

Following up with the story, Microsoft designed Windows Hello authentication system to be the most secure facial recognition system incorporated within Windows OS, giving compatibility to webcams across multiple brands. Again, compatibility is one thing but making it the most hardware compatible facial recognition system could make the technology vulnerable to malicious hackers and attackers.

According to recent reports by Wired, researchers from CyberArk security firm have managed to break into a Windows PC bypassing the Windows Hello facial recognition system using images of the PC owner’s face.

Researchers have successfully fooled Microsoft’s Windows Hello!

According to a report by Engadget, Windows Hello requires the use of RGB and infrared sensors in cameras to be able to function as intended, serving the highest security for a Personal Computer. As mentioned in the reports, researchers have claimed that Microsoft’s Hello only needs Infrared Sensors to unlock the device and RGB usage was not necessarily required. Windows Hello only processes infrared frames and to verify the researcher’s findings, they created a custom USB device and loaded them with the PC owner’s infrared pictures and an RGB photo of Spongebob from Spongebob Square Pants (if you know, you know!).

Engadget reports that the researchers found Windows Hello to having successfully unlocked the owner’s Windows PC with just the Infrared pictures of the owner and the irrelevant picture of a cartoon was, simply unused. So, in order for someone, a bad actor probably, to bypass security and hack into one’s system, only a single Infrared photo of the device’s owner is needed. As the researchers found out, only a single Infrared frame was enough to unlock a Windows Hello protected system.

This is not the security that we can expect from a multi-billion dollar technology company and that too a company like Microsoft that has been ruling the industry for decades.

Anyhow, sources suggest that cybersecurity company CyberArk has put Windows Hello under scrutiny because it is one of the most widely used authentication systems in the most hardware-compatible Operating Systems in the world.

Microsoft has also released a patch for the same that is supposed to enhance the sign-in security and better encrypt a user’s face for password.



No more articles
Send this to a friend