Smartphones, laptops, even desktop computers use biometric authentication methods such as face scanning or fingerprint scanning. Microsoft’s Windows Hello
The login option called is also known as a face scanning system used to combine convenience and security. However, according to the new study, Windows Hello can be bypassed with fake USB camera device. Experts say that the situation may cause security weakness, but this risk will not cause major problems as expected.
The process of security researchers at CyberArk shows that it is not easy to fool Windows Hello, or at least the facial recognition system. In theory, for Windows Hello to work, both RGB as well infrared needs a camera with a sensor. Experts have developed hardware that introduces it to the computer as a USB camera with RGB and infrared sensors. This device contains image data of the computer owner and sends this data to Windows Hello, enabling login. In addition, the researchers after the various types of tesdollarser only the data obtained from the infrared sensor also turned out to be enough to get past Windows Hello.
According to CyberArk, this vulnerability is Caused by Windows Hello seeing external devices as data sources for biometric authentication. On the other hand, since not every computer with Windows operating system has a standard camera, Microsoft does not seem to have much choice but to assume external cameras as data sources. CyberArk also stated that it is very difficult to exploit the mentioned vulnerability. For this reason, we can say that the risk is very low. Do not forget to share your thoughts on the subject in the comments.