CyberArk researchers tricked the Windows Hello biometric authentication system that is included in all versions of Windows 10 using an infrared image of the device owner.
Researcher Omer Tsarfati says the root of the problem lies in the way Windows Hello handles data from USB-connected webcams. While Windows Hello only works with webcams that have an infrared sensor (in addition to regular RGB), it turns out that the system doesn’t need much RGB data. This means that with just one infrared facial image, you can unlock the victim’s device protected by Windows Hello biometrics.
While most users know that they can use a webcam for authentication and facial recognition on a Windows 10 machine, Zarfati found that Windows Hello only supports webcam input via infrared sources. And it turned out that the infrared input check is insufficient or comparable to the check for conventional (RGB) cameras.
As a result, an attacker can connect a malicious device that simulates a USB camera to the computer and then use it to transmit an infrared image of the owner’s face. While it is not possible to transmit a static Windows Hello image under normal circumstances, these restrictions do not work for infrared input, and the researcher successfully tricked the authentication process into gaining access to the locked machine.
A video demonstration of the attack can be seen here.
To implement such an attack, physical access to the device would be required, however, Microsoft fixed this vulnerability, which received the identifier CVE-2021-34466, as part of the July “update Tuesday”.
Let me remind you that I wrote that Cybersecurity expert created an exploit to hack iPhone via Wi-Fi and that Researchers made Tesla’s autopilot work without a driver.