Windows 10 News: 'Hello' Facial Recognition Security Feature Spoofed With Printed Photo
Security researchers recently learned that the Windows Hello security authentication feature found on certain Windows 10 versions can be spoofed with a printed photo of the computer user.
Windows Hello is Microsoft's own facial authentication system, available on select computers that run Windows 10 and have an illuminated infrared camera.
Earlier this week, security researchers from the pen-testing group SYSS released their findings that an updated Windows 10 with the Hello feature can be bypassed with a printed photo of the user, according to ZDNet.
In the report from SYSS, the researchers explained: "By using a modified printed photo of an authorized user, an unauthorized attacker is able to log in to or unlock a locked Windows 10 system as this spoofed authorized user."
SYSS further explained that by using a "suitable photo" that showed the user's face, an attacker can access a Windows 10 computer "with little effort."
The researchers added that based on their experiment, a printed photo was able to bypass the biometric authentication system both with its default settings and even when it was configured with an "enhanced anti-spoofing feature."
SYSS used a "modified printed photo" bearing the face of the authorized user. The experiments were done on a Dell Latitude E7470 laptop running Windows 10 Pro version 1703 with a webcam, and on a Microsoft Surface Pro 4 running Windows 10 Pro version 1607 with its built-in camera.
With varying modifications, the spoofing test worked on both computers, showing that these Windows 10 Pro versions were vulnerable to the attack and needed to be updated.
In the SYSS report, the researchers also listed the Windows 10 versions in which Windows Hello carries this spoofing vulnerability. Affected users were strongly advised to install the Windows 10 version 1709 update on their computers.
To ensure that the spoofing method will not work, users will have to enable the enhanced anti-spoofing feature and reconfigure the Windows Hello settings after installing the version 1709 update.
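The two machine-side conditions above can be audited with a short PowerShell check. This is an added example, not part of the SYSS report or the article; it assumes that version 1709 corresponds to build 16299 and that the enhanced anti-spoofing policy is stored under the registry path shown.

```powershell
# Added example: audit the mitigations named in the article on the local machine.
# Assumptions (not from the article): version 1709 is build 16299, and the
# "Configure enhanced anti-spoofing" policy is stored at the registry path below.
$MinBuild   = 16299
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures'
$PolicyName = 'EnhancedAntiSpoofing'

function Test-HelloSpoofMitigation {
    param(
        [Parameter(Mandatory)][int]$Build,
        [AllowNull()][object]$AntiSpoofValue   # $null when the policy is not configured
    )
    $findings = @()
    if ($Build -lt $MinBuild) {
        $findings += "Build $Build is older than $MinBuild (version 1709): install the update."
    }
    if ($null -eq $AntiSpoofValue) {
        $findings += 'Enhanced anti-spoofing policy is not configured.'
    } elseif ([int]$AntiSpoofValue -ne 1) {
        $findings += "Enhanced anti-spoofing policy is $AntiSpoofValue (expected 1)."
    }
    [pscustomobject]@{
        Build          = $Build
        AntiSpoofValue = $AntiSpoofValue
        Compliant      = ($findings.Count -eq 0)
        Findings       = $findings
    }
}

# Constructed sample inputs: the builds assumed for versions 1703 and 1607,
# with no policy set, followed by an updated and configured machine.
Test-HelloSpoofMitigation -Build 15063 -AntiSpoofValue $null
Test-HelloSpoofMitigation -Build 14393 -AntiSpoofValue 0
Test-HelloSpoofMitigation -Build 16299 -AntiSpoofValue 1

# Live check against the local machine.
$cv     = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$policy = Get-ItemProperty -Path $PolicyPath -Name $PolicyName -ErrorAction SilentlyContinue
$value  = if ($policy) { $policy.$PolicyName } else { $null }
Test-HelloSpoofMitigation -Build ([int]$cv.CurrentBuildNumber) -AntiSpoofValue $value

# Not covered here: whether Windows Hello was reconfigured after the update,
# which the article lists as a required step.
```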