Microsoft Windows Hello exposes vulnerabilities!Connect an external USB camera to crack your computer in minutes

I believe everyone is familiar with Windows Hello.

After all, it was once called “the easiest way to log in”-just swipe your face and the computer can be unlocked immediately.

Microsoft Windows Hello exposes vulnerabilities!Connect an external USB camera to crack your computer in minutes

But just recently, it was exposed a big bug:

Only need an external USB camera, 2 frames of images.

Then “snap” and came in…

Windows Hello is not so good lately

Face unlocking has become more and more popular in recent years.

Like Apple’s iPhone and iPad, you can use the built-in front camera to unlock.

Microsoft Windows Hello exposes vulnerabilities!Connect an external USB camera to crack your computer in minutes

However, the face recognition and unlocking of Windows computers can not only use the built-in camera, but also work with third-party webcams.

As a result, this has successfully attracted the attention of a researcher at the security company CyberArk.

he thinks:

Old-fashioned webcams have poor security in the process of collecting and transmitting data.

At present, many face unlock methods on the market use the RGB face unlock method.

But in addition to the RGB sensor, the webcam also has an infrared sensor.

So this researcher did some research on Windows Hello.

You never know the full extent of things until you see them”.

He was surprised to find:

Windows Hello doesn’t even look at RGB data.

Microsoft Windows Hello exposes vulnerabilities!Connect an external USB camera to crack your computer in minutes

What’s the meaning?

Hackers only need to send two frames to the PC, and they can deceive your Windows Hello directly.

One frame is the real infrared capture data of the target, and the other frame is a blank black frame.

The second frame is used to deceive the validity verification of WindowsHello.

The operation can also be said to be quite simple.

If you connect an external USB webcam and send an image, Windows Hello will mistakenly think “Oh! The master has appeared”…

In response, the researcher gave the following explanation:

We tried to find the most vulnerable link in face recognition and see which method is the most interesting and easiest.

We created a complete Windows Hello facial recognition flow graph and found that the easiest way to “hack” it is to pretend to be a camera.

This is because the entire system depends on its input.

Microsoft responded: Patches have been released

This way of cracking sounds really simple and feasible.

As a result, Microsoft also responded immediately:

This is a bypass vulnerability of the Windows Hello security feature.

And on the 13th of this month, a patch has been released to solve this problem.

However, CyberArk still makes this recommendation to users:

It is recommended to use the enhanced Windows Hello login method.

This method uses Microsoft’s “virtualization-based security” to encrypt Windows Hello facial data.

Moreover, these data are processed in the memory protected area, so that the data will not be tampered with.

Then the next question is, why did CyberArk choose to attack Windows Hello?

In this regard, the company’s explanation is as follows:

From an industry perspective, researchers have done a lot of research work on methods such as PIN cracking and spoofing fingerprint sensors.

Secondly, the number of users covered by Windows Hello can be said to be quite large.

According to Microsoft’s data in May last year, this service has more than 150 million users; and in December last year, Microsoft said:

84.7% of Windows 10 users log in using Windows Hello.

But perhaps you are more concerned about whether you will be affected.

For now, concerns in this regard are unnecessary.

Because this attack method just sounds simple, but for people who are not hackers, it is still difficult to implement.

Including netizens also commented:

It’s a cool method, but ordinary users don’t need to worry about it.

Finally, the researcher stated:

We have known this kind of attack a long time ago, and we are quite disappointed with Microsoft.

They did not make stricter requirements on the security and credibility of the camera.

The Links:   BSM35GD120DN2E3224 MG20G6EL1