German pen-testing company SySS GmbH stated in a report published yesterday that Windows 10’s Windows Hello feature is vulnerable to a spoofing attack. The facial recognition feature can be bypassed using nothing more than a picture.
Researchers took a laser color printout of a 340×340 pixel photo of the device owner’s face, then modified it to get as close as possible to the IR spectrum. With this, they were able to unlock many devices that had Windows Hello activated.
For those of you who are unfamiliar with Windows Hello: it is a feature released by Microsoft for Windows that uses near-infrared (IR) imaging to unlock and authenticate all sorts of Windows devices, including desktops, laptops, and tablets.
Many of you may be thinking that the attack would not work if the “enhanced anti-spoofing” feature was enabled in the Windows Hello settings panel. But you thought wrong, as even this feature cannot prevent the attack if a higher-resolution photo of 480×480 pixels is used.
The feature is not that well known because only a few devices come with the necessary hardware. It is quite useful, as a computer can easily be unlocked with it without having to type a long password.
To resolve this issue, Microsoft delivered updates that patch this attack, but only for the Windows 10 1703 and 1709 releases.
“SySS recommends to update to the latest revision of Windows 10 version 1709, to enable the ‘enhanced anti-spoofing’ feature, and to reconfigure Windows Hello Face Authentication afterward,” researchers say.
Reconfiguring Windows Hello seems very important now because the attack can still take place after the update, even if the user was already using the “enhanced anti-spoofing” feature.
Windows 10 Facial Recognition still seems to be vulnerable to attacks.