Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Webcam image resolution and compression are likely contributors to weaknesses in laptop facial recognition systems exposed by Vietnamese researchers at the Black Hat conference, according to a Hitachi Australia product specialist.
Aaron de Leon said that although details of the hacks were scarce, his opinion was that the demonstration was indicative of the risks of using biometric systems that scan external - rather than internal - parts of the user's body.
He said that standard webcams on laptops typically capture at resolutions of 800x600 active pixels.
The low resolution of the resulting image could make it easier to ‘trick' the laptop into allowing access to data and files.
"If the photo is taken by a cheap CCD module then certainly this could happen," de Leon said.
"Even though the image is taken at 800x600, it then needs to be reduced to some extent because you need a smaller sized file to use it in a biometric application.
"If you want to be able to authenticate the user in less than five seconds, the file size has to be very small - certainly less than a Megabyte."
De Leon did not agree that PC makers such as Lenovo, Asus and Toshiba should issue an alert to customers to stop using facial recognition systems on their laptops.
But he did say "they should use a more accurate type of biometric technology for PC logon applications".
Hitachi Australia has brought finger vein-scanning technology to Australia in the past 18 months.
De Leon pushed the technology as a more reliable biometric alternative for PC logon but acknowledged the cost per unit was up to three times more than the facial recognition systems exploited at Black Hat.
He said the technology had been implemented in "small scale projects" in Australia, predominately in the hospitality sector and through implementation partners such as Argus and Time Target.
Hitachi has also tried to get a foothold in the banking sector for physical access applications but the discussions have yet to bear fruit.
"We had some discussions about 15 months ago," said de Leon.
"We still keep in touch with the banks through a systems integrator and plan to revisit them in May."
De Leon said that Hitachi was seeking additional partners to bolster its finger vein-scanning presence in the market and also to help it achieve local security certifications.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.