Provocatively billing his presentation, at the current Black Hat convention, as "Your face is NOT your Password", the Vietnamese security expert Duc Nguyen will reveal how he and his fellow researchers succeeded in hacking the facial recognition systems on several makes of laptop.
A Darkreading post reports that the affected systems are Veriface III, SmartLogon 1.0.0005 and Face Recognition 126.96.36.199, used respectively by Lenovo, Asus and Toshiba. These laptops, some running under XP and others under Vista, use webcams in conjunction with facial recognition systems, instead of more conventional authentication mechanisms.
The researchers claim they were able to trick their way past the recognition systems with great ease by using the photographs of registered users, or even doctored images. Apparently all they had to do was generate a large number of images to make what they dub a "Fake Face Bruteforce" attack. Nguyen will be presenting the tool he and his colleagues developed for the hack.
They are calling on laptop makers to remove biometric authentication from their machines and to warn all users against using the facial recognition function.