Latest in Gear

Image credit:

Printed photos can fool Windows 10's Hello face authentication

You may want to download that Fall Creators Update soon.
Mariella Moon, @mariella_moon
December 21, 2017
Share
Tweet
Share

Sponsored Links

Devindra Hardawar/Engadget

Windows 10's facial authentication system might be able to tell the difference between you and your twin, but it could apparently be fooled with a photo of your face. According to researchers from German security firm SySS, systems running previous versions of the platform can be unlocked with a printed photo of your face taken with a near-infrared (IR) camera. The researchers conducted their experiments on various Windows 10 versions and computers, including a Dell Latitude and a Surface Pro 4.

The spoof isn't exactly easy to pull off -- someone who wants to access your system will have quite a bit of preparation ahead of them. In some cases, the researchers had to take additional measures to spoof the systems, such as placing tape over the camera. Not to mention, they needed high-quality printouts of users' photos clearly showing a close-up, frontal view of their faces.

Still, the researchers said the technique can successfully unlock computers and even released three videos showing it in action, which you can watch below. Somebody determined enough to break into your system could do so (they could scour your Facebook account for high-res photos they can modify, for instance), and your best bet is downloading and installing the Windows 10 Fall Creators Update. Simply installing the update isn't enough, though: your system will still be vulnerable. The researchers said you'll have to set up Windows Hello's facial authentication from scratch and enable the new enhanced anti-spoofing feature to make sure you're fully protected.

It's not just Microsoft's technology that has vulnerabilities, though. Its fellow tech titans, Apple and Samsung, are also having trouble with their authentication systems. A German hacking group found that the S8's iris scanner can be spoofed using a photo of the user with contact lens on top, while another group of security researchers said they found a way to fool iPhone X's face scanning system with masks.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Presenting the Best of CES 2021 winners!

Presenting the Best of CES 2021 winners!

View
Tesla is hiring people to handle complaints people tweet at Elon Musk

Tesla is hiring people to handle complaints people tweet at Elon Musk

View
Synthetic cornea helped a legally blind man regain his sight

Synthetic cornea helped a legally blind man regain his sight

View
Paramount+ will replace CBS All Access on March 4th

Paramount+ will replace CBS All Access on March 4th

View
Samsung's latest rugged tablet gets a Dex and WiFi 6 update

Samsung's latest rugged tablet gets a Dex and WiFi 6 update

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr