CATEGORIES
home News

Windows 10 Hello Face Authentication Defeated With A Simple Photo Printout

by Brandon HillThursday, December 21, 2017, 11:35 AM EDT
surface pro 3
If you're running an older version of Windows 10, and make heavy use of Windows Hello to login to your PC, you might want to consider moving to the latest build. Researchers from German security firm SYSS have discovered that the Windows Hello biometric authentication system can be defeated using a printed-out picture.

We should mention that while the is a serious security breach, it requires a bit of work to successfully accomplish. A close-up, high-resolution image of the target's face must first be captured with a near-infrared camera (that's the first hurdle). The captured image then forms the basis for tricking the near-infrared cameras that are embedded in modern notebooks to support Windows Hello. You will then need direct physical access to the computer in question (which represents the second hurdle).

The SYSS researchers found that with a Microsoft Surface Pro 4 convertible running the Windows 10 Anniversary Update (which was released during the summer of 2016), they were able to unlock it with the printed-out picture. To help protect against such attacks, Microsoft has an anti-spoofing option that can be enabled for additional protection. However, anti-spoofing proved ineffective with the Anniversary Update in SYSS' testing.

Microsoft beefed up its anti-spoofing technology with the follow-up Windows 10 Creators Update and Fall Creators Update releases in 2017. With the feature enabled, the researchers were unable to break through. However, with the feature disabled, they were able to once again fool Windows Hello.

While it's definitely good news to hear that the Creators Update and Fall Creators Update have hardened defenses against spoofing, we must point out that the majority of the notebooks that are shipping these days with Windows Hello cameras don't actually support anti-spoofing.

It should be noted that even if you have a system with a Windows Hello camera, have anti-spoofing enabled, and have upgraded to the Fall Creators Update, you still aren't guaranteed to be fully protected from the spoofing attack. After upgrading to the Fall Creators Update, users will need to go back and re-setup Windows Hello face authentication and re-enable anti-spoofing. 

While SYSS's spoof might be a bit challenging to successfully pull off, it's child's play compared to the efforts that must be undertaken to spoof the iPhone X's Face ID system.

Tags:  Windows 10, (nasdaq:msft), windows hello, fall creators update, syss
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment