Researchers trick Windows Hello with infrared image

Researchers tricked Windows Hello

CyberArk researchers tricked the Windows Hello biometric authentication system that is included in all versions of Windows 10 using an infrared image of the device owner.

Researcher Omer Tsarfati says the root of the problem lies in the way Windows Hello handles data from USB-connected webcams. While Windows Hello only works with webcams that have an infrared sensor (in addition to regular RGB), it turns out that the system doesn’t need much RGB data. This means that with just one infrared facial image, you can unlock the victim’s device protected by Windows Hello biometrics.

While most users know that they can use a webcam for authentication and facial recognition on a Windows 10 machine, Zarfati found that Windows Hello only supports webcam input via infrared sources. And it turned out that the infrared input check is insufficient or comparable to the check for conventional (RGB) cameras.

As a result, an attacker can connect a malicious device that simulates a USB camera to the computer and then use it to transmit an infrared image of the owner’s face. While it is not possible to transmit a static Windows Hello image under normal circumstances, these restrictions do not work for infrared input, and the researcher successfully tricked the authentication process into gaining access to the locked machine.

A video demonstration of the attack can be seen here.

Researchers tricked Windows Hello

We created a complete map of the entire Windows Hello facial recognition process and saw that the most convenient way for an attacker to pretend to be a webcam, because the entire system relies on this input.says the expert.

To implement such an attack, physical access to the device would be required, however, Microsoft fixed this vulnerability, which received the identifier CVE-2021-34466, as part of the July “update Tuesday”.

Actually, Microsoft needs to be careful. We have known this method of attack for a long time. I am a little disappointed that they do not restrict which cameras can be trusted. concludes Tsarfati.

Let me remind you that I wrote that Cybersecurity expert created an exploit to hack iPhone via Wi-Fi and that Researchers made Tesla’s autopilot work without a driver.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

View all of Vladimir Krasnogolovy's posts.

Leave a comment

Your email address will not be published. Required fields are marked *