Researchers hack facial biometrics

Powered by SC Magazine
 

Researchers in Vietnam will be demonstrating how to hack facial recognition biometrics at the Black Hat security convention currently underway in the US.

Researchers in Vietnam will be demonstrating how to hack facial recognition biometrics at the Black Hat security convention currently underway in the US.

Nguyen Minh Duc, head of the application security department at the Bach Khoa Internetwork Security Center at Hanoi University of Technology, will be demonstrating how to beat the facial recognition systems built into some Lenovo, Toshiba and Asus laptops.

The systems use the laptop’s built-in webcam to take a picture of the user’s face, so that it can be used instead of a fingerprint or password to access the device. But according to Duc this system can be beaten in a variety of ways.

“The mechanisms used by those three vendors haven’t met the security requirements needed by an authentication system, and they cannot wholly protect their users from being tampered,” he said.

“There is no way to fix this vulnerability. ASUS, Lenovo, and Toshiba have to remove this function from all the models of their laptops … [they] must give an advisory to users all over the world: Stop using this [biometric] function.”

The researchers used the obvious method of showing the camera a picture of the registered user and this was reasonably successful. However the system could also be bypassed by showing the camera pictures of other people’s faces after playing around with light and shade settings.

Duc will be showing how to beat Lenovo's Veriface III, Asus' SmartLogon V1.0.0005, and Toshiba's Face Recognition 2.0.2.32 using these techniques.

Copyright ©v3.co.uk


 
 
 
Top Stories
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
What InfoSec can learn from the insurance industry
[Blog post] Another way data breach laws could help manage risk.
 
A ten-point plan for disrupting security
[Blog post] How can you defend the perimeter when it’s in the cloud?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1043

Vote