Feeds

Laptop facial recognition defeated by Photoshop

Taking a long hard stare at biometric security

Boost IT visibility and business value

White hat security researchers have demoed how to bypass the facial recognition systems on several laptops.

The facial recognition software on Lenovo, Asus and Toshiba laptops (known as Veriface III, SmartLogon 1.0.0005 and Face Recognition 2.0.2.32, respectively) was compromised by security researchers including Duc Nguyen, senior researcher at Vietnamese security firm Bkis.

Details of the hack are were outlined by a presentation entitled Your face is NOT your Password during the Blackhat security conference in Washington earlier this week.

The laptops use webcams in conjunction with facial biometric software, as an alternative to more well-established login techniques. The researchers claim that the log-in approach can be defeated using nothing more sophisticated than a photograph of a PC's registered user, or even Photoshopped images.

Nguyen and his team created a large number of images to run what they described a "fake face bruteforce" attack to fool the systems, which in fairness are still in their infancy, into allowing a log-on. The approach can be compared to trying out a huge number of possible text passwords until the right combination is stumbled upon as part of a conventional brute-force dictionary attack.

Laptop makers ought to review the whole approach of facial recognition as a login technique, the researchers argue.

"Lenovo, Asus, and Toshiba are known as the first three big computer manufacturers to put that technology into practical use and to bring about greater convenience for their customers," Nguyen explains. "The one question to ask is whether such technology is really safe and secure for its users to enjoy."

"My research, which is concluded in this paper, will prove that the mechanisms used by those three vendors haven’t met the security requirements needed by an authentication system and that they cannot wholly protected their users from being tampered," he adds. ®

Boost IT visibility and business value

More from The Register

next story
USA to insist on pre-flight mobe power probe
Prove it works or it can't come aboard flights to USA
Computing student jailed after failing to hand over crypto keys
Sledgehammer once again used to crack a nut
Brit celebs' homes VANISH from Google's Street View
Tony Blair's digs now a Tone-y Blur
Doctor Who season eight scripts leak online
BBC asks fans to EXTERMINATE copies before they materialise
Insecure AVG search tool shoved down users' throats, says US CERT
Sneaky 'foistware' downloads install things you never asked for
New NSA boss plays down impact of Snowden leaks
You have not heard me say 'OMG, the sky is falling'
'I don't want to go on the cart' ... OpenSSL revived with survival roadmap
Heartbleed-battered crypto library reveals long path back to health
MONSTER COOKIES can nom nom nom ALL THE BLOGS
Blog networks can be force-fed more than they can chew
prev story

Whitepapers

How modern custom applications can spur business growth.
In this whitepaper learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
The Power of One eBook: Top reasons to choose HP BladeSystem
Only the Power of One delivers leading infrastructure convergence, availability and scalability with federation, and agility through data center automation.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximizing your infrastructure through virtualization
Virtualization continues to be one of the most effective ways to consolidate, reduce cost, and make data centers more efficient.
Build a Business Case: Developing Custom Apps
In this whitepaper learn how to maximize the value of custom applications by accelerating and simplifying their development.