Researchers hack facial biometrics

Powered by SC Magazine
 

Researchers in Vietnam will be demonstrating how to hack facial recognition biometrics at the Black Hat security convention currently underway in the US.

Researchers in Vietnam will be demonstrating how to hack facial recognition biometrics at the Black Hat security convention currently underway in the US.

Nguyen Minh Duc, head of the application security department at the Bach Khoa Internetwork Security Center at Hanoi University of Technology, will be demonstrating how to beat the facial recognition systems built into some Lenovo, Toshiba and Asus laptops.

The systems use the laptop’s built-in webcam to take a picture of the user’s face, so that it can be used instead of a fingerprint or password to access the device. But according to Duc this system can be beaten in a variety of ways.

“The mechanisms used by those three vendors haven’t met the security requirements needed by an authentication system, and they cannot wholly protect their users from being tampered,” he said.

“There is no way to fix this vulnerability. ASUS, Lenovo, and Toshiba have to remove this function from all the models of their laptops … [they] must give an advisory to users all over the world: Stop using this [biometric] function.”

The researchers used the obvious method of showing the camera a picture of the registered user and this was reasonably successful. However the system could also be bypassed by showing the camera pictures of other people’s faces after playing around with light and shade settings.

Duc will be showing how to beat Lenovo's Veriface III, Asus' SmartLogon V1.0.0005, and Toshiba's Face Recognition 2.0.2.32 using these techniques.

Copyright ©v3.co.uk


 
 
 
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
 
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  23%
 
End user computing (desktops, mobiles, apps)
  13%
 
Software development
  26%
TOTAL VOTES: 236

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  62%
 
No
  38%
TOTAL VOTES: 74

Vote