Security

Despite detailed demonstrations that the security of its Veriface face recognition technology can be manipulated to gain unlawful access, Lenovo is keeping current notebook models equipped with it.

In an e-mail interview with ZDNet Asia, a Singapore-based Lenovo representative said the company has "no plans to pull affected models." However, the PC maker does plan to continue to upgrade the face recognition technology.

The technology's vulnerability was demonstrated in December by the Bach Khoa Internetwork Security (BKIS) center in Hanoi, Vietnam.

At the Black Hat security conference last month, researchers Nguyen Minh Duc and Bui Quang Minh presented a paper (PDF) that detailed Veriface's face authentication and the bypass.

According to the paper, tests were performed on Asus, Lenovo, and Toshiba laptops fitted with 1.3-megapixel cameras. The bypass model illustrated that a person was able to log in to the Windows Vista machines using photos or videos to initiate a face recognition process.

"All the applications tested are of their latest versions and are set to Highest Security Level," the researchers wrote in the paper. The technologies were identified as Asus SmartLogon V1.0.0005, Lenovo Veriface III, and Toshiba Face Recognition 2.0.2.32.

Nguyen and Bui added: "Veriface is in fact the least secure of the (three applications) as we can log into the account using a plain image of the owner without much effort."

Lenovo, its representative noted, offers face recognition technology "as an alternative security option for consumers who would like the convenience of not having to remember yet another password." Within the region, Veriface technology is available in Lenovo's IdeaPad notebooks and Netbooks as well as its IdeaCenter desktops.

He added: "Like all technologies, early adoption reveals initial issues that are improved over time and Veriface, which is only used in our consumer range of notebooks, continues to be upgraded. Our advice to concerned consumers is to take basic safety measures to limit their vulnerabilities--store your notebook securely."

Asus and Toshiba did not respond to similar queries from ZDNet Asia.

Asus, Lenovo and Toshiba are said to be the only three vendors offering face recognition technology in the region. Hewlett-Packard announced last year that HP Labs had developed facial recognition technology in collaboration with Tsinghua University in Beijing. However, a Singapore-based representative confirmed that there are no HP products with face recognition technology in the region.

Vivian Yeo of ZDNet Asia reported from Singapore.

(Credit: Sony)

Sony is taking biometrics from the surface of the finger to the inside with a new vein authentication technology that could show up on mobile devices within the year.

The compact, camera-based system--called "Mofiria," though we're not sure why--uses a CMOS sensor to diagonally capture scattered light inside the finger veins. Data from the pattern is compressed, making it possible for the information to be stored on gadgets like laptops or cell phones.

Sony says vein authentication technology achieves higher accuracy and produces faster reads than other biometric authentication techniques, such as fingerprint or retinal scans. Finger vein patterns differ from person to person and finger to finger, Sony noted, and do not change over the years. Also, they're much easier to remember than passwords.

Sony claims that false rejection rate for the system is less than 0.1 percent and processing time for identification takes only about 0.015 seconds using a personal computer CPU and about 0.25 seconds using a mobile-phone CPU.

The DNA records of about 850,000 people could be wiped from the U.K.'s national database after the European Union ruled it breached human rights.

The European Court of Human Rights decision on Thursday means that the DNA details and possibly fingerprints of people suspected of a crime, but later cleared, could be removed.

The court found that in keeping the DNA details of people suspected of a crime the "state had overstepped any acceptable margin of appreciation."

The case was brought by two Britons, Michael Marper and "S", who were cleared of crimes and challenged the government over their details being kept on the 4.5 million-strong police database.

A U.K. Home Office representative said the government has until March before it must take any action on the ruling.

Home Secretary Jacqui Smith expressed dissatisfaction with the verdict, saying in a statement: "DNA and fingerprinting is vital to the fight against crime, providing the police with more than 3,500 matches a month, and I am disappointed by the European Court of Human Rights' decision...The existing law will remain in place while we carefully consider the judgment."

Privacy pressure group NO2ID welcomed the decision with the organization's national coordinator Phil Booth describing it as a victory for liberty and privacy.

Nick Heath of ZDNet UKreported from London.