Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Hack Biometric Faces

Posted by kdawson on from the face-off dept.

yahoi sends in news from a week or so back: "Vietnamese researchers have cracked the facial recognition technology used for authentication in Lenovo, Asus, and Toshiba laptops in lieu of the standard logon/password. The researchers were able to easily bypass the biometric authentication system built into the laptops by using photos of an authorized user, as well as by presenting multiple phony facial images in brute-force attacks. One of the researchers will demonstrate the hack at Black Hat DC this week. He says the laptop makers should remove the facial biometrics feature from their products because the vulnerability of this technology can't be fixed."

7 of 244 comments (clear)

  1. hacking? by Anonymous Coward · · Score: 5, Funny

    Shouldn't they get charged with hacking the researchers faces off? That is kind of brutal no?

    1. Re:hacking? by Anonymous Coward · · Score: 5, Funny

      Being an average, white American, I reckon an Asian having a biometric face-secure laptop is just plain stupid. 9 billion Chinese probably all can get into each other's raptops, no shit, G.I. They all sure do look alike, don't they? My Pa sure thinks so. So does his wife, my sister. Man, she's hot.

  2. Re:Ok then... by Sir+Groane · · Score: 5, Funny

    Everything is somewhat vulnerable, and a determined intruder with infinite resource will almost always find a way in.

    The point is facial recognition alone is so vulnerable! All you need is a cameraphone and a photo printer - and you can't revoke your face as your password either. At least with fingerprints you can get hacked nearly 10 times (on average) before it becomes a problem.

  3. Re:Ok then... by GrenDel+Fuego · · Score: 5, Insightful

    I definitely disagree here. While passwords can be brute forced given enough time, your face is almost certainly available to someone who has access to get at your computer.

    There is a difference between identification and authentication (your claim of who you are, and your proof of that claim). What you look like is identification.

  4. Re:Ok then... by spleen_blender · · Score: 5, Interesting

    I don't comment that often but does anyone have any idea on the viability of stereoscopic facial recognition? Wouldn't that make a 3d model required to be presented to the input instead just a 2d one? Or two 2d images offset at the right angle for the distance from the cameras?

  5. The Internet? by Jon.Laslow · · Score: 5, Insightful

    If you've ever posted a photo of yourself on Twitter, Facebook, Myspace, a blog, or your website, people can easily get a high-quality photo of you without you knowing it.

    Just sayin'.

  6. Re:hacking? Huh? by EdIII · · Score: 5, Insightful

    Don't tell me companies have made it illegal to notice the huge flaws in their products. I'm cynical, but not paranoid-delusional.

    What planet have you been on for the last couple of years? Seriously.. which one?

    This has nothing to do with tin-foil-hat paranoid delusions. The GP may have been referring to Dmitry Sklyarov, which another poster just mentioned to you. That was about Adobe. Adobe did/does have huge flaws in it's software and Mr. Sklyarov came to the U.S to demonstrate that Adobe's representations of security were basically just fluff. He was arrested, and it was a HUGE deal.

    This is not the only instance either. Anytime somebody dares to demonstrate how a security technology may be flawed those affected companies are using the DMCA and the corrupt/broken legisilative/judicial system to quash any dissemination of data that would reveal their products are snake oil.

    Just awhile back there was a posting here on /. where a group of university kids (MIT) were involved in a lawsuit to suppress information they uncovered involving vulnerabilities in another security system.

    There are plenty of examples where security is proven to be worthless and those affected financially have resorted to corrupt influences in the government to suppress the information and punish those involved with arrest.

    These things I have mentioned to you are not delusional. I would suggest you educate yourself with the facts before accusing somebody of just being paranoid. Especially, since the GP was referring to something factual.