OLDER VERSIONS OF WINDOWS 10 will allow hackers to bypass the Windows Hello facial recognition login feature using a simple photograph of the user.
That’s according to German security outfit Syss, who discovered the flaw in Windows 10 PCs running versions which are older than the Fall Creators Update.
The surprising thing is, even relatively low resolution laser-printed photo of the user taken with a near IR (infrared) camera could be used to fool the login screen, the security firm claims. Although this will require some manipulation.
The exploit circumvents Windows Hello security meaning if you log into your PC using facial recognition on Windows 10, then you should be aware that not only older versions of Microsoft’s OS can be easily fooled. Those that are running the latest Fall Creators Update could also potentially be victims to the vulnerability, Syss said, that’s if facial recognition was set up in a previous version of the OS.
Basically, you’ll need to set up Windows Hello again on your device to dodge the exploit completely.
The researchers published a series of proof of concept videos to prove their point. Check them out below.
The news of the flaw follows the release of Microsoft’s latest set of guidelines last month, made for Windows 10 customers, which stated a list of requirements they should follow in order to ensure their device is “highly secure”.
Microsoft’s first bit of advice was that “systems must be on the latest, certified silICOn chip for the current release of Windows,” a list which includes Intel’s 7th-generation Intel Core i3, i5, i7, i9, M3, and Xeon processors, as well as current Intel Atom, Celeron and Pentium processors.
This meant that Microsoft was basically admitting that its own Surface Pro 4 device, which comes powered by a 6th-gen Intel Core chip, doesn’t meet its own security standards. µ
Source : Inquirer