Security Researchers Discover Major Vulnerability in Windows Hello

Microsoft has security updates released to address Windows Hello issue with ‘CVE-2021-34466’. The vulnerability allowed the security feature to be bypassed in Windows Hello’s biometrics-based technology.

This allowed criminals to falsify a target’s identity and trick the facial recognition mechanism into gaining access.

CyberArk Labs Security Researchers discovered that they could trick Windows Hello by using an infrared frame of the target and at least one rgb frame seemingly containing something else:
The vulnerability allows an attacker with physical access to the device to manipulate the authentication process by taking or re-imagining a photo of the target’s face and then plugging in a custom USB device to insert the forged images into the host.”

According to Microsoft, the number of customers using Windows Hello grew from 69.4 percent to 84.7 percent in 2019. Unfortunately, the company has not revealed what percentage of those users rely on this authentication method.

Sources: CyberArk, Microsoft

2 discussed products

Compare all products


Source: Hardware Info Compleet by nl.hardware.info.

*The article has been translated based on the content of Hardware Info Compleet by nl.hardware.info. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!