Lenovo sticking with face recognition tool
Despite detailed demonstrations that the security of its Veriface face recognition technology can be manipulated to gain unlawful access, Lenovo is keeping current notebook models equipped with it.
In an e-mail interview with ZDNet Asia, a Singapore-based Lenovo representative said the company has "no plans to pull affected models." However, the PC maker does plan to continue to upgrade the face recognition technology.
The technology's vulnerability was demonstrated in December by the Bach Khoa Internetwork Security (BKIS) center in Hanoi, Vietnam.
At the Black Hat security conference last month, researchers Nguyen Minh Duc and Bui Quang Minh presented a paper (PDF) that detailed Veriface's face authentication and the bypass.
According to the paper, tests were performed on Asus, Lenovo, and Toshiba laptops fitted with 1.3-megapixel cameras. The bypass model illustrated that a person was able to log in to the Windows Vista machines using photos or videos to initiate a face recognition process.
"All the applications tested are of their latest versions and are set to Highest Security Level," the researchers wrote in the paper. The technologies were identified as Asus SmartLogon V1.0.0005, Lenovo Veriface III, and Toshiba Face Recognition 2.0.2.32.
Nguyen and Bui added: "Veriface is in fact the least secure of the (three applications) as we can log into the account using a plain image of the owner without much effort."
Lenovo, its representative noted, offers face recognition technology "as an alternative security option for consumers who would like the convenience of not having to remember yet another password." Within the region, Veriface technology is available in Lenovo's IdeaPad notebooks and Netbooks as well as its IdeaCenter desktops.
He added: "Like all technologies, early adoption reveals initial issues that are improved over time and Veriface, which is only used in our consumer range of notebooks, continues to be upgraded. Our advice to concerned consumers is to take basic safety measures to limit their vulnerabilities--store your notebook securely."
Asus and Toshiba did not respond to similar queries from ZDNet Asia.
Asus, Lenovo and Toshiba are said to be the only three vendors offering face recognition technology in the region. Hewlett-Packard announced last year that HP Labs had developed facial recognition technology in collaboration with Tsinghua University in Beijing. However, a Singapore-based representative confirmed that there are no HP products with face recognition technology in the region.
Vivian Yeo of ZDNet Asia reported from Singapore.
Lenovo,
Don't defend it or improve it, just get rid of it. You make great laptops, don't drag the reputation south by sticking to Veriface as an authentication method.
For example passwords can be stolen if the computer is stolen,
or if the computer is accessed by someone while you are absent,
or somebody can see keyboard keys while you typing password
so ... security of face logon is comparable with password logon,
but face logon is more convenient
now I use Rohos Face Logon
http://www.rohos.com/products/rohos-face-logon/
I think this soft is reliable
if properly improved, this could be pretty cool
(p.s i have veriface ... if i want security i disable it ... otherwise i just have fun )
Besides, are people really so dumbed down that they can't remember their main password?
- by rbkirk March 12, 2009 6:56 PM PDT
- the facial recognition option is on Lenovo CONSUMER brand notebooks, not the tougher business line of Thinkpads. Its offered as a convenient way to log in, not a super secure way! It was never envisioned to be a high security offering.
- Like this Reply to this comment
-
(5 Comments)If you want a super secure noteboo