Windows 10 facial recognition unlock fooled by a photo

Leigh Mccormick
December 22, 2017

The Register spotted SySS's advisory on Full Disclosure. Microsoft is understood to have included a fix for the flaw in October's Fall Creators Update. It is the update version KB4053577, which patches issues that may cause the reset of its global settings preference file.

The photo doesn't need to be anything special, either. This is held in front of the Windows Hello sensor, which duly unlocks the device. Another method involved placing opaque sticky tape over the RGB camera lens and then holding the same printout up. The researchers tested the trick against several products, including a Dell Latitude laptop with a USB webcam and Microsoft's own Surface Pro 4. Enhanced anti-spoofing appears to be ineffective at stopping the exploit on older versions of Windows 10.

Hackers can get past Windows Hello face recognition on older versions of Windows 10 by using a printed photograph, a German security outfit has discovered.

The attack works against multiple versions of the Windows 10 OS, but researchers are urging users to upgrade to the Fall Creators Update to stay protected. The details of how Windows is fooled into authenticating the printed photo are unclear.

The research supports the theory that certain biometric security mechanisms may not be as secure as once thought.

As The Register reports, SySS claims that even if Windows Hello has its enhanced anti-spoofing mode enabled, a somewhat differently modified photo can still be used to successfully log on to the target machine.

Researchers recommend anyone using the feature to go back and set it up again after updating, while also making sure anti-spoofing is enabled.
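
A way to audit a machine for the two mitigations named above, as an added example that is not from the article, SySS or Microsoft. It assumes that build 16299 corresponds to the Fall Creators Update and that the "Configure enhanced anti-spoofing" Group Policy is stored in the registry value shown; the function name is hypothetical.

```powershell
# Added example: check OS build and enhanced anti-spoofing policy on one machine.
# Assumptions (not from the article): build 16299 = Fall Creators Update (1709);
# the anti-spoofing policy lives under the Biometrics\FacialFeatures policy key.
function Test-HelloFaceMitigations {
    [CmdletBinding()]
    param(
        [int]$MinimumBuild = 16299
    )

    # Current OS build number, stored as a string in the registry.
    $cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber

    # Policy value written by "Configure enhanced anti-spoofing" (1 = enabled).
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures'
    $policy    = Get-ItemProperty -Path $policyKey -Name 'EnhancedAntiSpoofing' `
                                  -ErrorAction SilentlyContinue

    # A missing key or value means the policy is not configured, so not enforced.
    $antiSpoofing = ($null -ne $policy) -and ($policy.EnhancedAntiSpoofing -eq 1)
    $buildOk      = $build -ge $MinimumBuild

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        Build                = $build
        BuildMeetsMinimum    = $buildOk
        AntiSpoofingEnforced = $antiSpoofing
        # Whether the face was re-enrolled after updating is not checked here.
        ReEnrollment         = 'verify manually'
        PolicyAndBuildOk     = $buildOk -and $antiSpoofing
    }
}

Test-HelloFaceMitigations | Format-List
```

A result of `PolicyAndBuildOk = True` covers only the update and policy parts of the advice; setting up face recognition again after updating still has to be confirmed with the user.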
