Bypassing Windows Hello for Business and Pleasure

Presented at Black Hat USA 2021, Aug. 4, 2021, 1:30 p.m. (40 minutes)

Windows Hello is the most popular password-less solution that includes authentication by either PIN code or biometric authentication. As a password-less technology, Windows Hello provides people with a more convenient authentication experience compared with the traditional password technique. In addition, it promises better security – but is it the truth? Would it make the lives of attackers harder or easier?

In this talk, we'll introduce our research on attacking the face recognition mechanism of Windows Hello and show how an attacker can bypass Windows Hello using a crafted external USB device.

Every biometric authentication process includes biometrics collection, preprocessing, liveness detection, and feature matching. Windows Hello is no different, and some of these processes apply to it as well, including an anti-spoofing mechanism to detect fraud and bypass attempts.

We'll discuss how face recognition authentication works, how to trick the Windows Hello engine with a modified USB device, and how to capture the relevant picture frames for bypassing the login phase.

In addition, we will see how our findings can affect biometric authentication on other devices and systems.

We will also give an overview of the biometric system in Windows: how it is designed, what data can be interesting from the attacker's perspective, and what defenders should do to prevent attackers' access.

Finally, we will discuss how this knowledge can be applied in practical red team engagements.

Presenters:

  • Omer Tsarfati - Security Researcher, CyberArk
    Omer Tsarfati is a Cyber Security Researcher at CyberArk Labs. He focuses on discovering new research techniques and beating difficult security challenges while implementing them into the cybersecurity area, either from the attacker's or the defender's point of view. Omer's primary research areas are network defense, cloud security, Android applications, and web servers. Prior to CyberArk, Omer served in the Israeli Army in an elite unit.
