One of the first protective barriers that Microsoft has in Windows 10 is Hello. This system is prepared to work on several fronts, giving users the possibility to authenticate themselves with various biometric elements.
This is a stable and secure system, ensuring the protection of Windows and users. Still, as has now been discovered, Windows Hello has a security hole that allows it to be easily fooled.
Prepared to work with the best that the market has to offer in terms of webcams and fingerprint readers, Windows Hello acts as a security barrier. It evaluates the data received and only allows access to authorized users.
It doesn't just recognize images and uses additional elements to authenticate users. Elements such as images from infrared, RGB and other sensors are the guarantee that the user present is who he says he is, blocking unauthorized access.
The CyberArk company security team found out now a serious security breach. They managed to fool Windows Hello with external image resources, without the user's presence. Thus, all the protection offered falls to the ground.
The way to achieve this feat was apparently simple and revealed the flaw. They created a USB device that simulates an external webcam and serves the infrared images that Windows Hello was waiting for. Of the tests performed, only one of these images was enough.
This may not be the simplest method to use to gain access to Windows. In addition to needing physical access to the machine that will be attacked, it also requires special images of the user who has access to it.
Microsoft has already reacted to this failure and released a fix for this problem. In addition to this update, it recommends that users enable additional security features that encrypt and protect user images in safer areas.
-
