A Windows Hello Authentication Bypass Vulnerability Was Fixed by Microsoft
The Authentication Bypass Vulnerability Was Able to Let Threat Actors Spoof A Target’s Identity by Tricking the Face Recognition Mechanism.
Last updated on July 14, 2021
Windows Hello works by using infrared and red-green-blue (RGB) cameras in order to scan users’ faces. The feature then matches the data obtained against a password hash for authentication. The Windows Hello authentication bypass vulnerability was apparently able to let threat actors spoof a target’s identity.
The number of Windows 10 customers that are using Windows Hello in order to sign in to their devices instead of a password grew from 69.4% to 84.7% during 2019, according to data provided by Microsoft.
The researchers at CyberArk Labs discovered that attackers are able to create custom USB devices that Windows Hello will work with to completely circumvent Windows Hello’s facial recognition mechanism by using a single valid IR (infrared) frame of the target.
Omer Tsarfati was the one who reported the Windows Hello vulnerability tracked as CVE-2021-34466 and rated it as important severity to Microsoft back in March.
Microsoft assessed the security vulnerability and discovered that unauthenticated adversaries would require physical access to the target’s device to exploit it in high complexity attacks.
The vulnerability allows an attacker with physical access to the device to manipulate the authentication process by capturing or recreating a photo of the target’s face and subsequently plugging in a custom-made USB device to inject the spoofed images to the authenticating host.
We have no evidence that this attack has been used in the wild, but it could be used by a motivated attacker to target a researcher, scientist, journalist, activist or privileged user with sensitive IP on their device, for example.
The researchers at CyberArk Labs said that although using the Enhanced Sign-in Security with compatible hardware can restrict the attack surface, this might be highly dependent on what cameras the targets are using.
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.