Windows Hello can be tricked using a printed photo

Published by

teaser

German security company SYSS discovered a flaw in the Hello Face Recognition System from Windows 10 users. You can access a Windows 10 system with a printed version of a user's face.



Any Windows 10 device effected (Surface Pro 4)  that DOES NOT have the Fall Creators update is vulnerable reports itporportal:

According to the company, printed versions of a user's face can be enough to trick the tool on some systems.The researchers claim that any Windows 10 device which has not yet installed Microsoft's recent Fall Creators Update could be at risk from what it calls a, "simple spoofing attack".

The flaw affects multiple different makes of hardware, with the team testing their claim on one of Microsoft's own Surface Pro 4 devices as well as others made by different manufacturers. Microsoft has not yet responded to the claims, but SYSS says it plans to reveal more work on the attack next spring.

"According to our test results, the newer Windows 10 branches 1703 and 1709 are not vulnerable to the described spoofing attack by using a paper printout if the "enhanced anti-spoofing" feature is used with respective compatible hardware," SYSS wrote in a blog post.

"Thus, concerning the use of Windows Hello face authentication, SYSS recommend updating the Windows 10 operating system to the latest revision of branch 1709, enabling the "enhanced anti-spoofing" feature, and reconfiguring Windows Hello face authentication afterwards."

The researchers published three proof-of-concept videos, see below. 

 

Windows Hello can be tricked using a printed photo


Share this content
Twitter Facebook Reddit WhatsApp Email Print