Security researchers crack laptop facial biometrics

Researchers from Vietnam have cracked facial recognition scanners on laptops to bypass security.

Researchers from Vietnam have cracked facial recognition scanners on laptops to bypass security.

They will be demonstrating how to hack facial recognition biometrics at the Black Hat security convention in Washington DC this week.

Nguyen Minh Duc, head of the application security department at the Bach Khoa Internetwork Security Center at Hanoi University of Technology, will be showing delegates how to beat the facial recognition systems built into Lenovo, Toshiba and Asus laptops.

The systems under the microscope use the laptop's built-in webcam to take a picture of the owner's face, so that it can be used instead of a fingerprint or password to access the device.

But according to Duc, this system can be beaten in a variety of ways.

"The mechanisms used by these three vendors haven't met the security requirements needed by an authentication system. They cannot wholly protect their users as a result," he explained.

"There is no way to fix this vulnerability. Asus, Lenovo and Toshiba have to remove this function from all the models of their laptops and issue a security advisory to users around the world."

Not only were the researchers able to bypass the security systems by showing the camera a picture of the registered user, they were also able to gain entry by showing the camera pictures of other people's faces, after manipulating light and shade settings.

At the conference, Duc will be showing how to beat Lenovo's Veriface III, Asus's SmartLogon V1.0.0005 and Toshiba's Face Recognition technologies.

Proposed e-border trial at Manchester Airport raises security concerns >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.