Researchers Hack Biometric Faces 244
yahoi sends in news from a week or so back: "Vietnamese researchers have cracked the facial recognition technology used for authentication in Lenovo, Asus, and Toshiba laptops in lieu of the standard logon/password. The researchers were able to easily bypass the biometric authentication system built into the laptops by using photos of an authorized user, as well as by presenting multiple phony facial images in brute-force attacks. One of the researchers will demonstrate the hack at Black Hat DC this week. He says the laptop makers should remove the facial biometrics feature from their products because the vulnerability of this technology can't be fixed."
Re:hacking? Huh? (Score:3, Informative)
Re:Mythbusters & fingerprint recognition (Score:2, Informative)
Re:Ok then... (Score:2, Informative)
Re:Last season in Burn Notice (Score:2, Informative)
Re:hacking? Huh? (Score:5, Informative)
Here's an up-to-date partial list of security researchers who have been threatened with legal action for releasing research on security vulnerabilities:
http://attrition.org/errata/legal_threats/ [attrition.org]
It should give you an idea of why people are concerned.
Re:hacking? Huh? (Score:3, Informative)
You want me to get my facts straight? Ummm, OK.
What situation are you referring to in the first place? I also don't understand the difference between reverse engineering code and demonstrating the function of intact code. Both would seem to me to have the same goal, which is to demonstrate that the intended goal of the software is flawed in some way. Neither should be illegal and cause for arrest. It should not be grounds for a lawsuit either.
By all means, please be more specific as to the differences. I would like to know just how one of the situations I mentioned should be illegal or actionable. Help me get my facts straight. Provide your arguments why the arrest was correct and explain the actions.