Tag: ERNW

  • New Windows Hello Vulnerability Allows Face Login by Hackers

    New Windows Hello Vulnerability Allows Face Login by Hackers

    Key Takeaways

    1. ERNW introduced a new exploit called “Faceplant” that compromises Windows Hello for Business, revealed at Black Hat USA 2025.
    2. The attack allows an attacker with admin rights to bypass another user’s facial recognition login by injecting a stolen biometric template.
    3. The attacker can create a biometric template by registering their face on any computer, then decrypt and pull the victim’s template.
    4. This method differs from the previous “Face Swap” exploit, which required exchanging identifiers between registered user accounts.
    5. The findings emphasize the need for improved security measures in biometric systems to prevent such vulnerabilities.

    ERNW has revealed a new method to compromise Microsoft’s Windows Hello for Business. This revelation took place at the Black Hat USA 2025 conference. The exploit builds off a related vulnerability that was disclosed by the company in July.

    Details of the Attack

    This latest exploit, known as “Faceplant,” enables an attacker with admin rights to completely circumvent another user’s facial recognition login. The researchers clarified that the attacker can first register his/her face on any computer, which creates a biometric template. In simple terms, a biometric template is a digital version of your face that the computer makes and stores when you register your face or fingerprint. This template is what the computer uses to recognize your face or fingerprint when you try to log in.

    To execute the attack, the intruder decrypts and pulls the template. In the final phase, the attacker injects this template into the victim’s biometric database on the target machine. This grants the attacker access as if they were the victim, using their own facial features. This attack marks a notable shift from the Face Swap exploit that ERNW discussed in July.

    Comparison to Previous Exploit

    The earlier attack required the attacker to exchange identifiers, which are tags that point to templates, between two user accounts that were already registered on the same device. In contrast, this new method targets the templates directly, rather than the identifiers, allowing the perpetrator to create the harmful template on any computer.

    ERNW has made a significant advancement in demonstrating these risks within biometric security systems, highlighting the need for enhanced protections.

    Source:
    Link

     

    Tags: ,
  • Windows Laptops and Desktops Have Security Flaw for Unauthorized Login

    Windows Laptops and Desktops Have Security Flaw for Unauthorized Login

    Key Takeaways

    1. Vulnerability found in Windows Hello for Business, allowing identity theft by attackers with device access.
    2. “The Face Swap” attack exploits biometric data processing, enabling unauthorized access.
    3. Attackers with administrative rights can alter user biometric identifiers, fooling the system.
    4. Proof-of-concept demonstrated that attackers can impersonate other users on the same device.
    5. Microsoft has been informed, but a comprehensive fix may require a complete system redesign.

    A recent investigation by ERNW, a security research company based in Germany, has uncovered a vulnerability in Windows Hello for Business, which is Microsoft’s system for password-free authentication. This study was part of a project supported by Germany’s Federal Office for Information Security (BSI). The findings reveal that attackers who already have access to a device can take advantage of the system’s design to carry out identity theft.

    The Face Swap Attack

    The attack, called “The Face Swap,” exploits how Windows Hello processes biometric information. Rather than using a person’s biometric data for direct verification, the system unlocks a cryptographic key that is kept on the device. ERNW’s researchers discovered that someone who has administrative rights can reach and alter the database that connects a user’s identity to their biometric template.

    Proof-of-Concept Demonstration

    During their testing, the researchers managed to interchange the identifiers of two users who were registered in the system. This swap completely fooled the system; an attacker could simply sit in front of the camera, and Windows Hello would recognize their face, granting them access to the victim’s account, which includes all corporate network resources, files, and sensitive data.

    In simpler words, on any Windows computer equipped with Windows Hello that has more than one user profile, this security flaw enables anyone with admin rights to impersonate other users within that system.

    Disclosure and Future Implications

    ERNW has informed Microsoft about these vulnerabilities, but they believe that a comprehensive fix is improbable since it would necessitate a complete redesign of the system’s architecture. In another incident, ERNW also reported a significant flaw in Linux systems two weeks ago that allowed attackers unrestricted access to those systems.

    Source:
    link

    Tags: , ,