Face recognition is easy to play

At a security event, it was proven that the face recognition technologies used on some notebooks can be very easily deceived and circumvented.

Recently, several notebook manufacturers have launched laptops that use face recognition features to make it easier to log in to the operating system and authenticate. These solutions are designed to make the logon process more convenient so that the user does not have to enter their name and password to use Windows. To do this, the notebook owner only needs to look into the integrated camera, which takes a photo and compares it to a previously stored photo. If there is a match, the user is authenticated automatically. That is, these systems are truly convenient and fast to use. But how much security do they provide? Well, one of the interesting presentations at the Black Hat conference is that the situation is not very rosy.

Nguyen Minh Duc, a researcher at Bkis (Bach Khoa Internetwork Security Center), gave a special presentation aimed at drawing attention to the weaknesses of facial recognition solutions built into laptops. During the presentation, the expert tested Lenovo's Veriface III system, ASUS Smart Logon software and Toshiba Face Recognition technology. Minh Duc chose a very simple way to break through face recognition solutions by placing printed images in front of cameras that were unable to distinguish between real and digitized faces, so the casual hacker could easily log in to Windows. In addition, one system could be deceived even with black and white photographs. In the case of the Toshiba solution, a little trick had to be applied as it monitors the movement of the face during authentication. However, to circumvent the technology, Minh Duc only had to move the photo in his hand at check-in from time to time.

According to the expert, the vulnerability of face recognition systems built into laptops is to be found in the technologies behind them and can be traced back to the weakness of algorithms that are unable to distinguish a real face from a photograph. Minh Duc claimed that he had already notified the manufacturers of the problem and encouraged them to reconsider using face recognition for secure login until the errors could be fixed.

A Lenovo spokesman did not dispute the Minh Duc's discovery. He said users should consider opting for convenient and fast face recognition, or prefer to stay with passwords that provide a higher degree of security - complex and long - and use fingerprint readers. He then added that VeriFace monitors eye movement in order to be able to distinguish a real face from a photo.