Researchers at the German IT Security company SySS GmbH successfully fooled the Windows 10 facial recognition system by using a printed photo of the user's face.
Their spoofing efforts were published on the cybersecurity site Seclists on Dec. 18. The cybersecurity experts bypassed Windows Hello -- which is Microsoft's password-free security software -- on both a Dell and Microsoft laptop running different versions of Windows 10, which is cause for concern for anyone using this feature to log into their account.
SEE ALSO:This nasty Android malware caused a phone to overload and bulgeDeceiving Windows 10 didn't take too much effort. It just required "having access to a suitable photo of an authorized person" to "easily" bypass the system, wrote the experts. The photo required is the full image of someone's face -- so if someone really wants to attempt to deceive the facial recognition system, the barriers aren't too great.
Similar to Apple's Face ID, it might be wise to view Windows Hello as a convenience feature, not a security feature.
Similar to the iPhone X's Face ID camera, Hello Windows uses an infrared camera (either built-in the or added separately) to recognize the unique shape and contours of a face before granting or denying access to a Windows account. But a flaw was found, specifically "an insecure implementation of the biometric face recognition in some Windows 10 versions."
They show their work below:
Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up! Many -- but not all -- Windows versions are vulnerable. In 2016, Microsoft included a new feature called Enhanced Anti-Spoofing to limit this sort of picture trickery. But even if this feature is enabled in your Windows settings, the researchers found a way to bypass the facial recognition system that ran older Windows versions, such as a Microsoft Surface Pro 4 device running 2016's Windows 10 Anniversary update, for instance.
However, the SySS researchers found that two new Windows versions, 1703 and 1709, are not vulnerable to their most simple spoofing attacks (using a printed photograph) if Enhanced Anti-Spoofing is enabled.
Their ultimate recommendation: Updating to Windows 10 version 1709, enabling anti-spoofing, and then having Windows Hello reanalyze your face.
If this sounds unappealing or risky, you can always go back to using a (not dumb) password. Infrared facial recognition in consumer applications is still relatively new, so flaws should be expected.
Similar to Apple's Face ID, it might help to view Windows Hello as a convenience feature, not a security feature.
Mashable has contacted Microsoft for comment and will update this story upon hearing back.
Featured Video For You
Here's how someone can track your location for $1,000 顶: 9踩: 89TopicsCybersecurityWindows
Windows 10 facial recognition if fooled by security researchers
人参与 | 时间:2024-09-21 19:32:17
相关文章
- We Bought the Cheapest DDR5 RAM Modules We Could Find, Are They Any Good?
- 广东北江发生今年第1号洪水!流量刷新1980年历史记录
- Ivanka Trump sits in for President Trump at G
- Modern slavery most prevalent in North Korea
- [Exclusive] Samsung unsure of Suga's future as brand ambassador: source
- North Korea hasn't met its promise to return US war remains
- Forgo year
- 22 more USFK
- Haider all set for Paralympics Ceremony
- Weak electrolyte bonds keep lithium metal battery running in the cold
评论专区