U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts show how to bypass Windows Hello feature to login on Windows 10 PCs

Security researchers demonstrated how to bypass the Windows Hello facial recognition that is used in Windows 10 as a login mechanism. Security researchers at CyberArk Labs discovered a security bypass vulnerability, tracked as CVE-2021-34466, affecting the Windows Hello facial authentication process, An attacker could exploit the vulnerability to login systems running the Windows 10 OS. […]

Windows Hello bypass

Security researchers demonstrated how to bypass the Windows Hello facial recognition that is used in Windows 10 as a login mechanism.

Security researchers at CyberArk Labs discovered a security bypass vulnerability, tracked as CVE-2021-34466, affecting the Windows Hello facial authentication process, An attacker could exploit the vulnerability to login systems running the Windows 10 OS.

Microsoft already fixed the vulnerability with the release of July Patch Tuesday security updates.

Windows Hello is a Windows 10 security feature that allows users to unlock the device with a user’s fingerprint, iris scan, or face. The feature uses IR camera to scan the user’s face, the camera has two distinct sensors to manage RGB and Infra-red (IR). The researchers discovered that only the IR camera frames are processed during the authentication process.

Experts discovered that it has been possible to bypass authentication just using a single, valid, infra-red frame.

“This USB device then only needs to send genuine IR frames of the victim to bypass the login phase, while the RGB frames can contain anything. Further, into the research, we figured out that we even don’t need many frames of the “target.”” states the analysis published by the experts.

“Apparently, we only need one IR frame and an entirely black frame. When we tried to send only one valid IR frame in the buffer, Windows Hello didn’t accept our input as valid, but when we sent both the black frame and the proper IR frame, we got in.”

Cyberark researchers pointed out that the flaw is very difficult to exploit, an attacker with physical access to the computer needs a good infra-red image of the user.

This can be achieved by passing by the person with a camera or by setting this IR camera in a place that the person will go through, for example, an elevator. An attacker could also use advanced IR camera technologies that can allow to take a good picture even from a distance.

Then the attacker has to plug into the system a custom-built USB device that can then be used to inject the spoofed image.

The experts demonstrated how to bypass the security feature in a video PoC:

Bypassing Windows Hello Without Masks or Plastic Surgery

Windows Hello bypass

Microsoft provided the experts the following statement:

“Microsoft released a security update on July 13 that mitigates this issue. For more information, please see CVE-2021-34466:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34466

In addition, customers with Windows Hello Enhanced Sign-in Security are protected against such attacks which tamper with the biometrics pipeline. Enhanced Sign-in Security is a new security feature in Windows which requires specialized hardware, drivers, and firmware that are pre-installed on the system by device manufacturers in the factory. Please contact your device manufacturers for the state of Enhanced Sign-in Security on your device.

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Windows)

[adrotate banner=”5″]

[adrotate banner=”13″]