Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 10 Facial Recognition Feature Can Be Bypassed with a Photo (bleepingcomputer.com)

Posted by msmash on from the security-is-hard dept.

Windows Hello, the face scanning security feature in Windows 10, has been defeated with the use of a printed out picture. From a report: In a report published yesterday, German pen-testing company SySS GmbH says it discovered that Windows Hello is vulnerable to the simplest and most common attack against facial recognition biometrics software -- the doomsday scenario of using a printed photo of the device's owner. Researchers say that by using a laser color printout of a low-resolution (340x340 pixels) photo of the device owner's face, modified to the near IR spectrum, they were able to unlock several Windows devices where Windows Hello had been previously activated. The attack worked even if the "enhanced anti-spoofing" feature had been enabled in the Windows Hello settings panel, albeit for these attacks SySS researchers said they needed a photo of a higher resolution of 480x480 pixels (which in reality is still a low-resolution photo). [...] Microsoft released updates earlier this month to patch the vulnerability.

1 of 95 comments (clear)

  1. Re:waiting for DNA sequencing authenetication by Anonymous Coward · · Score: 3, Funny

    > spit into this tube to log into your computer
    > you just know someone will try jack off into it

    (oldie but goodie):

    One day Bill complained to his friend that his elbow really hurt. His friend suggested that he go to a computer at the drug store that can diagnose anything quicker and cheaper than a doctor.

    ''Simply put in a sample of your urine and the computer will diagnose your problem and tell you what you can do about it. It only costs $10." Bill figured he had nothing to lose, so he filled a jar with a urine sample and went to the drug store. Finding the computer, he poured in the sample and deposited the $10. The computer started making some noise and various lights started flashing. After a brief pause out popped a small slip of paper on which was printed: "You have tennis elbow. Soak your arm in warm water. Avoid heavy lifting. It will be better in two weeks."

    Later that evening while thinking how amazing this new technology was and how it would change medical science forever, he began to wonder if this machine could be fooled. He mixed together some tap water, a stool sample from his dog and urine samples from his wife and daughter. To top it off, he masturbated into the concoction. He went back to the drug store, located the machine, poured in the sample and deposited the $10. The computer again made the usual noise and printed out the following message:

    "Your tap water is too hard. Get a water softener. Your dog has worms. Get him vitamins. Your daughter is using cocaine. Put her in a rehabilitation clinic. Your wife is pregnant with twin girls. They aren't yours. Get a lawyer. And if you don't stop jerking off, your tennis elbow will never get better."