ZDNetAsia : Printer Friendly - Your face is easy to fake, says security company

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Asia.
--------------------------------------------------------------

Your face is easy to fake, says security company

By Dong Ngo
Wednesday, December 03 2008 09:33 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,62048946,00.htm

HANOI, Vietnam--Regardless of what some people seem to think, we Asians do not all look the same. But according to the current face recognition algorithm used in laptops, our faces are all about as flat as a piece of paper.

That's according to BKIS, a Vietnamese Internetwork Security Center. At a press conference here Tuesday, the company demonstrated vulnerabilities in laptops' face recognition-based authentication mechanisms that let anyone log in to a computer easily with a photo of the legit owner, even at the highest authentication level.

Using your face as the password to log in to a computer--an alternative to the fingerprint method or the traditional username and password--marks a new trend found in laptops from Lenovo, Asus and Toshiba. It is believed only these three vendors currently offer this technology in their laptops. These computers come with a built-in Webcam that's used to capture and analyze faces.

In addition to a Lenovo Y430, BKIS also showed that the same hack can be performed with two demo laptops from Asus and Toshiba. It charged that all laptops from these vendors currently equipped with the technology are similarly vulnerable.

BKIS says it informed all three related vendors about the findings and invited them to the demonstration. However, none were present. Toshiba and Asus representatives in Vietnam were unreachable. A Lenovo representative in Vietnam said the company would get back to me via e-mail, but did not by press time.

This is not the first time BKIS has discovered security holes. Recently, the center alerted Microsoft to the vulnerability in Windows Media Encoder 9 and turned up the latest vulnerability in Chrome.

Quang Tu Nguyen, BKIS' director, said these face recognition vulnerabilities are very hard to fix without making the log-in process significantly less easy to use, which defeats the purpose of the technology. For now, he advised owners of these laptops to use the traditional username and password authentication method--or just don't not to trust the computer with sensitive information.

This article was first published as a blog post on CNET News.com.