Windows Hello can't be deceived using photos, but there's a catch

Recently iPhone X has been under the radar of security experts who were trying to test its new Face ID. As it turns out, with the right photo, iPhone X’s Face ID could be fooled easily which raised questions on Face Recognition being used as a replacement for the existing Fingerprint scanner.

Following the same footsteps, two researchers decided to test the reliability of Windows Hello which uses Face Recognition as well. Matthias Deeg and Philipp Buchegger who work for SySS decided to test the capabilities of Windows Hello. They used two different tests, one with Enhanced Anti-Spoofing and the other without it. The researchers found out that the security of Windows Hello depends on what device and which version of Windows 10 is installed.

They were able to bypass the Windows Hello using special features in a photo which were:

• The face of the person was photographed head-on
• The person’s photo was taken in the near-infrared area
• Brightness and contrast of the image were changed by simple means
• The paper printout was made with a laser printer

The specifications are not normally found in a picture but it can be made to target a specific PC. The researchers also noted that devices running Windows 10 version 1703 and 1709 with Enhanced Anti-Spoofing compatible hardware can’t be fooled using the following method. However, PCs with older versions of Windows 10 can be easily bypassed. They also pointed out that any device getting upgraded from Windows 10 version 1511 or 1607 is vulnerable until Antil-Spoofing is configured.

In short, the best way to protect is to make sure you have the latest version of Windows 10 and also use hardware recommended by Microsoft that supports Enhanced Anti-Spoofing.

Via: Winfuture; SySS