Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Hack Biometric Faces

Posted by kdawson on from the face-off dept.

yahoi sends in news from a week or so back: "Vietnamese researchers have cracked the facial recognition technology used for authentication in Lenovo, Asus, and Toshiba laptops in lieu of the standard logon/password. The researchers were able to easily bypass the biometric authentication system built into the laptops by using photos of an authorized user, as well as by presenting multiple phony facial images in brute-force attacks. One of the researchers will demonstrate the hack at Black Hat DC this week. He says the laptop makers should remove the facial biometrics feature from their products because the vulnerability of this technology can't be fixed."

3 of 244 comments (clear)

  1. Re:Ok then... by GrenDel+Fuego · · Score: 5, Insightful

    I definitely disagree here. While passwords can be brute forced given enough time, your face is almost certainly available to someone who has access to get at your computer.

    There is a difference between identification and authentication (your claim of who you are, and your proof of that claim). What you look like is identification.

  2. The Internet? by Jon.Laslow · · Score: 5, Insightful

    If you've ever posted a photo of yourself on Twitter, Facebook, Myspace, a blog, or your website, people can easily get a high-quality photo of you without you knowing it.

    Just sayin'.

  3. Re:hacking? Huh? by EdIII · · Score: 5, Insightful

    Don't tell me companies have made it illegal to notice the huge flaws in their products. I'm cynical, but not paranoid-delusional.

    What planet have you been on for the last couple of years? Seriously.. which one?

    This has nothing to do with tin-foil-hat paranoid delusions. The GP may have been referring to Dmitry Sklyarov, which another poster just mentioned to you. That was about Adobe. Adobe did/does have huge flaws in it's software and Mr. Sklyarov came to the U.S to demonstrate that Adobe's representations of security were basically just fluff. He was arrested, and it was a HUGE deal.

    This is not the only instance either. Anytime somebody dares to demonstrate how a security technology may be flawed those affected companies are using the DMCA and the corrupt/broken legisilative/judicial system to quash any dissemination of data that would reveal their products are snake oil.

    Just awhile back there was a posting here on /. where a group of university kids (MIT) were involved in a lawsuit to suppress information they uncovered involving vulnerabilities in another security system.

    There are plenty of examples where security is proven to be worthless and those affected financially have resorted to corrupt influences in the government to suppress the information and punish those involved with arrest.

    These things I have mentioned to you are not delusional. I would suggest you educate yourself with the facts before accusing somebody of just being paranoid. Especially, since the GP was referring to something factual.