The facial recognition module can be fooled via low resolution photos. To exploit this vulnerability, an attacker would need access to the photo processing system or host where the system is running. Access to the photo processing system can typically be gained via web application vulnerabilities. Access to the host can typically be gained via misconfiguration of the system or host. Depending on the type of access and configuration, an attacker may be able to obtain low resolution photos of authenticated users. These authenticated users may then be fooled into providing false data when the facial recognition module is being used. Various low resolution photos can be used to fool the facial recognition module. One low resolution photo may be enough to fool the facial recognition module. An attacker may then be able to access data from a variety of authenticated users.

Affected Devices

The facial recognition module is a feature found on the Dell Latitude E5420.
Organizations are increasingly adopting facial recognition as a biometric security measure. To prevent unauthorized access and misuse, organizations must regularly update all devices with the latest, most current software patches. For example, Dell released an update for their facial recognition module on June 24, 2017.
Affected devices could be updated to prevent this vulnerability from being exploited by updating the firmware of all affected devices.

Vulnerability overview

This vulnerability is caused by the facial recognition module accepting low resolution photos. The facial recognition module can be fooled by sending a photo that is under a certain resolution to fool it into mis-identifying the person in the photo. This could allow an attacker to access data from authenticated users as well as take photos of them with their face disguised.

Vulnerable Device Types

The facial recognition module can be fooled via low resolution photos. By relying on the low resolution photo, an attacker can fool the system into thinking they are a valid user.

Timeline

Published on: 10/14/2022 16:15:00 UTC
Last modified on: 10/18/2022 15:38:00 UTC

References