
Windows Hello Can be Fooled by Fake Camera Images

Hackers can use fake infra-red camera images to bypass Windows Hello authentication, with just two frames needed.


Windows Hello is a security feature built into Windows that provides numerous solutions. The idea is to remove the reliance on passwords – something Microsoft is big on at the moment – through more robust security measures. However, not even Windows Hello is infallible in the world of consistent .

And hackers have proved just that by bypassing Windows Hello security through a fake USB camera. Specifically, threat actors took infra-red images of targets and transmitted them through Windows Hello. Windows Hello's security accepted the images as authentication.

At the core of this problem is that Windows Hello seemingly accepts just about any infra-red camera as a compatible camera. This means a hacker can manipulate the data and trick Hello by capturing the target PC in an IR image.

Method

Worse, it is relatively easy to do: just two frames of the PC – a blank frame and an IR capture frame – are needed to bypass the service. The method was disclosed by CyberArk, which points out that capturing the IR image from a PC is the only obstacle an attacker would need to overcome. This could be achieved with a long-range IR camera or by hiding cameras close to a machine.

Still, it is worth pointing out the attacker would need some kind of environmental access to the system they want to attack.

Microsoft has confirmed the vulnerability and assigned it advisory CVE-2021-34466. The company says using Windows Hello Enhanced Sign-in Security is a workaround for the problem. However, this means only Windows Hello cameras with a cryptographic chain of trust from OEMs can be used. As you might expect, that is not all Windows Hello cameras.


Source: CyberArk
Luke Jones