Latest in Gear

Image credit:

Printed photos can fool Windows 10's Hello face authentication

You may want to download that Fall Creators Update soon.
Mariella Moon, @mariella_moon
December 21, 2017
Share
Tweet
Share

Sponsored Links

Devindra Hardawar/Engadget

Windows 10's facial authentication system might be able to tell the difference between you and your twin, but it could apparently be fooled with a photo of your face. According to researchers from German security firm SySS, systems running previous versions of the platform can be unlocked with a printed photo of your face taken with a near-infrared (IR) camera. The researchers conducted their experiments on various Windows 10 versions and computers, including a Dell Latitude and a Surface Pro 4.

The spoof isn't exactly easy to pull off -- someone who wants to access your system will have quite a bit of preparation ahead of them. In some cases, the researchers had to take additional measures to spoof the systems, such as placing tape over the camera. Not to mention, they needed high-quality printouts of users' photos clearly showing a close-up, frontal view of their faces.

Still, the researchers said the technique can successfully unlock computers and even released three videos showing it in action, which you can watch below. Somebody determined enough to break into your system could do so (they could scour your Facebook account for high-res photos they can modify, for instance), and your best bet is downloading and installing the Windows 10 Fall Creators Update. Simply installing the update isn't enough, though: your system will still be vulnerable. The researchers said you'll have to set up Windows Hello's facial authentication from scratch and enable the new enhanced anti-spoofing feature to make sure you're fully protected.

It's not just Microsoft's technology that has vulnerabilities, though. Its fellow tech titans, Apple and Samsung, are also having trouble with their authentication systems. A German hacking group found that the S8's iris scanner can be spoofed using a photo of the user with contact lens on top, while another group of security researchers said they found a way to fool iPhone X's face scanning system with masks.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The SSC Tuatara has broken 330 mph and shattered a world speed record

The SSC Tuatara has broken 330 mph and shattered a world speed record

View
Living with TCL's 8-series 4K TV: Quality without paying for OLED

Living with TCL's 8-series 4K TV: Quality without paying for OLED

View
Can Evernote make a comeback?

Can Evernote make a comeback?

View
Beats Flex review: The cost of $50 wireless earbuds

Beats Flex review: The cost of $50 wireless earbuds

View
How to pick the right iPhone 12

How to pick the right iPhone 12

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr