Windows 10 facial recognition is fooled by security researchers
Researchers at the German IT Security company SySS GmbH successfully fooled the Windows 10 facial recognition system by using a printed photo of the user's face.
Their spoofing efforts were published on the cybersecurity site Seclists on Dec. 18. The cybersecurity experts bypassed Windows Hello -- which is Microsoft's password-free security software -- on both a Dell and Microsoft laptop running different versions of Windows 10, which is cause for concern for anyone using this feature to log into their account.
Deceiving Windows 10 didn't take too much effort. It just required "having access to a suitable photo of an authorized person" to "easily" bypass the system, wrote the experts. The photo required is the full image of someone's face -- so if someone really wants to attempt to deceive the facial recognition system, the barriers aren't too great.
Similar to Apple's Face ID, it might be wise to view Windows Hello as a convenience feature, not a security feature.
Similar to the iPhone X's Face ID camera, Windows Hello uses an infrared camera (either built in or added separately) to recognize the unique shape and contours of a face before granting or denying access to a Windows account. But a flaw was found, specifically "an insecure implementation of the biometric face recognition in some Windows 10 versions."
They show their work below:
Many -- but not all -- Windows versions are vulnerable. In 2016, Microsoft included a new feature called Enhanced Anti-Spoofing to limit this sort of picture trickery. But even with this feature enabled in Windows settings, the researchers found a way to bypass the facial recognition system on devices running older Windows versions, such as a Microsoft Surface Pro 4 running 2016's Windows 10 Anniversary Update.
However, the SySS researchers found that two new Windows versions, 1703 and 1709, are not vulnerable to their simplest spoofing attacks (using a printed photograph) if Enhanced Anti-Spoofing is enabled.
Their ultimate recommendation: Updating to Windows 10 version 1709, enabling anti-spoofing, and then having Windows Hello reanalyze your face.
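A quick way to check one machine against that recommendation, as an added example that is not from SySS or Microsoft. It assumes the usual build numbers for 1703 (15063) and 1709 (16299) and that Enhanced Anti-Spoofing is set through the Group Policy registry value shown, neither of which the article states. The function name is hypothetical, and the script cannot tell whether the face was re-enrolled afterwards.

```powershell
# Added example: audit a Windows 10 machine against the SySS recommendation.
# Assumptions (not from the article): 1703 = build 15063, 1709 = build 16299,
# and the anti-spoofing policy is stored under the Biometrics policy key below.
function Get-HelloSpoofingPosture {
    param(
        [Parameter(Mandatory)] [int]$Build,
        [object]$PolicyValue   # $null when the policy is not configured
    )
    $findings = @()
    if ($Build -lt 15063) {
        # Per the article, older versions were bypassed even with the feature on.
        $findings += 'Build predates 1703: vulnerable even with Enhanced Anti-Spoofing enabled.'
    } elseif ($Build -lt 16299) {
        $findings += 'Build is 1703: the recommendation is to update to 1709.'
    }
    if ($PolicyValue -ne 1) {
        $findings += 'Enhanced Anti-Spoofing policy is not enabled.'
    }
    [pscustomobject]@{
        Build                = $Build
        EnhancedAntiSpoofing = ($PolicyValue -eq 1)
        MeetsRecommendation  = ($findings.Count -eq 0)
        Findings             = $findings
    }
}

# Read the live values from the registry of the machine being audited.
$cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures' `
           -ErrorAction SilentlyContinue
Get-HelloSpoofingPosture -Build ([int]$cv.CurrentBuildNumber) `
                         -PolicyValue $pol.EnhancedAntiSpoofing

# Constructed inputs showing the three cases the article distinguishes.
Get-HelloSpoofingPosture -Build 14393 -PolicyValue 1      # Anniversary Update
Get-HelloSpoofingPosture -Build 15063 -PolicyValue $null  # 1703, policy unset
Get-HelloSpoofingPosture -Build 16299 -PolicyValue 1      # 1709, policy enabled
```

A machine that reports `MeetsRecommendation = True` still needs its face enrollment redone once, as the researchers advise.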
If this sounds unappealing or risky, you can always go back to using a (not dumb) password. Infrared facial recognition in consumer applications is still relatively new, so flaws should be expected.
Similar to Apple's Face ID, it might help to view Windows Hello as a convenience feature, not a security feature.
Mashable has contacted Microsoft for comment and will update this story upon hearing back.