Low-res laptop cams contribute to facial recognition hack

Aaron de Leon said that although details of the hacks were scarce, his opinion was that the demonstration was indicative of the risks of using biometric systems that scan external - rather than internal - parts of the user's body.

He said that standard webcams on laptops typically capture at resolutions of 800x600 active pixels.

The low resolution of the resulting image could make it easier to ‘trick' the laptop into allowing access to data and files.

"If the photo is taken by a cheap CCD module then certainly this could happen," de Leon said.

"Even though the image is taken at 800x600, it then needs to be reduced to some extent because you need a smaller sized file to use it in a biometric application.

"If you want to be able to authenticate the user in less than five seconds, the file size has to be very small - certainly less than a Megabyte."

De Leon did not agree that PC makers such as Lenovo, Asus and Toshiba should issue an alert to customers to stop using facial recognition systems on their laptops.

But he did say "they should use a more accurate type of biometric technology for PC logon applications".

Hitachi Australia has brought finger vein-scanning technology to Australia in the past 18 months.

De Leon pushed the technology as a more reliable biometric alternative for PC logon but acknowledged the cost per unit was up to three times more than the facial recognition systems exploited at Black Hat.

He said the technology had been implemented in "small scale projects" in Australia, predominately in the hospitality sector and through implementation partners such as Argus and Time Target.

Hitachi has also tried to get a foothold in the banking sector for physical access applications but the discussions have yet to bear fruit.

"We had some discussions about 15 months ago," said de Leon.

"We still keep in touch with the banks through a systems integrator and plan to revisit them in May."

De Leon said that Hitachi was seeking additional partners to bolster its finger vein-scanning presence in the market and also to help it achieve local security certifications.