Researchers hack facial biometrics

Powered by SC Magazine
 

Researchers in Vietnam will be demonstrating how to hack facial recognition biometrics at the Black Hat security convention currently underway in the US.

Researchers in Vietnam will be demonstrating how to hack facial recognition biometrics at the Black Hat security convention currently underway in the US.

Nguyen Minh Duc, head of the application security department at the Bach Khoa Internetwork Security Center at Hanoi University of Technology, will be demonstrating how to beat the facial recognition systems built into some Lenovo, Toshiba and Asus laptops.

The systems use the laptop’s built-in webcam to take a picture of the user’s face, so that it can be used instead of a fingerprint or password to access the device. But according to Duc this system can be beaten in a variety of ways.

“The mechanisms used by those three vendors haven’t met the security requirements needed by an authentication system, and they cannot wholly protect their users from being tampered,” he said.

“There is no way to fix this vulnerability. ASUS, Lenovo, and Toshiba have to remove this function from all the models of their laptops … [they] must give an advisory to users all over the world: Stop using this [biometric] function.”

The researchers used the obvious method of showing the camera a picture of the registered user and this was reasonably successful. However the system could also be bypassed by showing the camera pictures of other people’s faces after playing around with light and shade settings.

Duc will be showing how to beat Lenovo's Veriface III, Asus' SmartLogon V1.0.0005, and Toshiba's Face Recognition 2.0.2.32 using these techniques.

Copyright ©v3.co.uk


 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 818

Vote