Windows 10 facial recognition if fooled by security researchers
Researchers at the German IT Security company SySS GmbH successfully fooled the Windows 10 facial recognition system by using a printed photo of the user's face. Their spoofing efforts were published on the cybersecurity site Seclists on Dec. 18. The cybersecurity experts bypassed Windows Hello -- which is Microsoft's password-free security software -- on both a Dell and Microsoft laptop running different versions of Windows 10, which is cause for concern for anyone using this feature to log into their account. Deceiving Windows 10 didn't take too much effort. It just required "having access to a suitable photo of an authorized person" to "easily" bypass the system, wrote the experts. The photo required is the full image of someone's face -- so if someone really wants to attempt to deceive the facial recognition system, the barriers aren't too great. Similar to the iPhone X's Face ID camera, Hello Windows uses an infrared camera (either built-in the or added separately) to recognize the unique shape and contours of a face before granting or denying access to a Windows account. But a flaw was found, specifically "an insecure implementation of the biometric face recognition in some Windows 10 versions." They show their work below: Many -- but not all -- Windows versions are vulnerable. In 2016, Microsoft included a new feature called Enhanced Anti-Spoofing to limit this sort of picture trickery. But even if this feature is enabled in your Windows settings, the researchers found a way to bypass the facial recognition system that ran older Windows versions, such as a Microsoft Surface Pro 4 device running 2016's Windows 10 Anniversary update, for instance. However, the SySS researchers found that two new Windows versions, 1703 and 1709, are not vulnerable to their most simple spoofing attacks (using a printed photograph) if Enhanced Anti-Spoofing is enabled. Their ultimate recommendation: Updating to Windows 10 version 1709, enabling anti-spoofing, and then having Windows Hello reanalyze your face. If this sounds unappealing or risky, you can always go back to using a (not dumb) password. Infrared facial recognition in consumer applications is still relatively new, so flaws should be expected. Similar to Apple's Face ID, it might help to view Windows Hello as a convenience feature, not a security feature. Mashable has contacted Microsoft for comment and will update this story upon hearing back. TopicsCybersecurityWindowsSimilar to Apple's Face ID, it might be wise to view Windows Hello as a convenience feature, not a security feature.
Featured Video For You
Here's how someone can track your location for $1,000
相关推荐
-
古物:回望时间的印记
-
The dreaded 'Blue Screen of Death' helped save some PCs from massive ransomware hack
-
Apple designer made a $12,000 hourglass and honestly WHO is going to buy this?
-
Hungry skunk got into a sticky McSituation, but one officer came to the rescue
-
Students get free entry at second Rawalpindi Test but what’s the catch?
-
US Open victory yet to sink in, says Raducanu
- 最近发表
-
- Footage of Kim Yo
- Every 'Simpsons' episode ever will make up the longest TV marathon in history
- Japanese ad giant admits to overcharging more than 100 clients
- Elderly bipolar disorder cases surge in South Korea
- Why Kamala Harris triggers Donald Trump so intensely.
- Cam Newton dons MLK shirt before game in Charlotte
- China 'cynical' about N. Korea's behavior: source
- Japanese ad giant admits to overcharging more than 100 clients
- Klarna CEO reveals plan to reduce workforce by 50% and replace it with AI
- What this Yahoo data breach means for you
- 随机阅读
-
- Eng name ODI, T20I squads for Aus series
- Uber just fired its controversial self
- Uber is definitely not happy with Travis Kalanick's board appointments
- Fewer Europe fans no worry for Harrington at Ryder Cup
- Alcaraz vs. Van de Zandschulp 2024 livestream: Watch US Open for free
- Klopp hails Mane's 100th Liverpool goal as 'massive achievement'
- Quiz tells Chris Pratt he's actually Chris Evans, and now everyone's confused
- 送技术到田间地头 助力椒农增收致富
- Google is bringing AI summaries to ‘Files’ so you can find your docs quicker
- 'I've been through hell and back': Man Utd's Jones
- Cam Newton dons MLK shirt before game in Charlotte
- Osaka withdraws from Indian Wells
- Police bust crypto scammer who received plastic surgery to evade arrest
- 'Hearthstone' guide: How to overrun opponents with a Zoolock deck
- Japanese ad giant admits to overcharging more than 100 clients
- Tensions flare again between two Koreas
- Why Kamala Harris triggers Donald Trump so intensely.
- Charlotte knows it has faults, but wants the world to also know its charms
- Man Utd learn that Ronaldo's goals alone won't suffice in UCL
- 'Hearthstone' guide: How to overrun opponents with a Zoolock deck
- 搜索
-
- 友情链接
-