Security researchers crack laptop facial biometrics

Researchers from Vietnam have cracked facial recognition scanners on laptops to bypass security.

Researchers from Vietnam have cracked facial recognition scanners on laptops to bypass security.

They will be demonstrating how to hack facial recognition biometrics at the Black Hat security convention in Washington DC this week.

Nguyen Minh Duc, head of the application security department at the Bach Khoa Internetwork Security Center at Hanoi University of Technology, will be showing delegates how to beat the facial recognition systems built into Lenovo, Toshiba and Asus laptops.

The systems under the microscope use the laptop's built-in webcam to take a picture of the owner's face, so that it can be used instead of a fingerprint or password to access the device.

But according to Duc, this system can be beaten in a variety of ways.

"The mechanisms used by these three vendors haven't met the security requirements needed by an authentication system. They cannot wholly protect their users as a result," he explained.

"There is no way to fix this vulnerability. Asus, Lenovo and Toshiba have to remove this function from all the models of their laptops and issue a security advisory to users around the world."

Not only were the researchers able to bypass the security systems by showing the camera a picture of the registered user, they were also able to gain entry by showing the camera pictures of other people's faces, after manipulating light and shade settings.

At the conference, Duc will be showing how to beat Lenovo's Veriface III, Asus's SmartLogon V1.0.0005 and Toshiba's Face Recognition technologies.

Proposed e-border trial at Manchester Airport raises security concerns >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...