Windows 10 facial recognition is fooled by security researchers
Researchers at the German IT Security company SySS GmbH successfully fooled the Windows 10 facial recognition system by using a printed photo of the user's face.
Their spoofing efforts were published on the cybersecurity site Seclists on Dec. 18. The cybersecurity experts bypassed Windows Hello -- which is Microsoft's password-free security software -- on both a Dell and Microsoft laptop running different versions of Windows 10, which is cause for concern for anyone using this feature to log into their account.
Deceiving Windows 10 didn't take too much effort. It just required "having access to a suitable photo of an authorized person" to "easily" bypass the system, wrote the experts. The photo required is the full image of someone's face -- so if someone really wants to attempt to deceive the facial recognition system, the barriers aren't too great.
Similar to the iPhone X's Face ID camera, Windows Hello uses an infrared camera (either built in or added separately) to recognize the unique shape and contours of a face before granting or denying access to a Windows account. But a flaw was found, specifically "an insecure implementation of the biometric face recognition in some Windows 10 versions."
They show their work below:
Many -- but not all -- Windows versions are vulnerable. In 2016, Microsoft included a new feature called Enhanced Anti-Spoofing to limit this sort of picture trickery. But even if this feature is enabled in your Windows settings, the researchers found a way to bypass the facial recognition system on devices running older Windows versions, such as a Microsoft Surface Pro 4 device running 2016's Windows 10 Anniversary update.
However, the SySS researchers found that two newer Windows versions, 1703 and 1709, are not vulnerable to their simplest spoofing attacks (using a printed photograph) if Enhanced Anti-Spoofing is enabled.
Their ultimate recommendation: Updating to Windows 10 version 1709, enabling anti-spoofing, and then having Windows Hello reanalyze your face.
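The first two parts of that recommendation can be checked on a machine with a short script. This is an added example, not code from SySS, Microsoft or the original article; it assumes that version 1709 corresponds to build 16299 and that the "Configure enhanced anti-spoofing" policy is stored under the registry key shown, neither of which the article states, and the function name is made up for illustration.

```powershell
# Added example: audit a Windows 10 machine against the SySS recommendation.
# Assumptions not taken from the article: the build number for version 1709
# and the registry location of the enhanced anti-spoofing policy.
function Test-HelloFaceHardening {
    param(
        # OS build to evaluate; defaults to the build of the local machine.
        [int]$Build = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuildNumber,
        # Key where the "Configure enhanced anti-spoofing" policy is stored.
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures'
    )

    $minBuild = 16299   # Windows 10 version 1709 (Fall Creators Update)

    # A missing key or value means the policy is not configured at all.
    $policy = Get-ItemProperty -Path $PolicyKey -Name EnhancedAntiSpoofing -ErrorAction SilentlyContinue
    $enforced = ($null -ne $policy) -and ($policy.EnhancedAntiSpoofing -eq 1)

    $findings = @()
    if ($Build -lt $minBuild) {
        $findings += "Build $Build is older than version 1709 (build $minBuild): update Windows"
    }
    if (-not $enforced) {
        $findings += 'Enhanced anti-spoofing is not enforced by policy: enable it'
    }

    [pscustomobject]@{
        Build                = $Build
        AtLeast1709          = ($Build -ge $minBuild)
        AntiSpoofingEnforced = $enforced
        Compliant            = ($findings.Count -eq 0)
        Findings             = $findings
    }
}

# Report on the local machine.
Test-HelloFaceHardening | Format-List
```

The script cannot tell whether the face was re-enrolled after the update, so a compliant result still leaves the third step, having Windows Hello reanalyze your face, to be done by hand.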
If this sounds unappealing or risky, you can always go back to using a (not dumb) password. Infrared facial recognition in consumer applications is still relatively new, so flaws should be expected.
Similar to Apple's Face ID, it might help to view Windows Hello as a convenience feature, not a security feature.
Mashable has contacted Microsoft for comment and will update this story upon hearing back.