Skip to main content
  1. Home
  2. Computing
  3. News

Older Windows 10 devices susceptible to Windows Hello face spoofing

Add as a preferred source on Google

Two researchers recently discovered that anyone can bypass Windows Hello’s facial recognition in older versions of Windows 10. At the root of the issue are infrared cameras that don’t support Enhanced Anti-Spoofing, which essentially helps prevent anyone from walking up to your PC and using a printed photo to gain unauthorized access.

According to the researchers, devices upgrading from Windows 10 versions 1511 and 1607 using hardware that doesn’t support Enhanced Anti-Spoofing are vulnerable to their photo-based approach. This method relies on a head-on shot of the device owner in a near-infrared state. They also manually changed the brightness and contrast levels to meet the requirements of Windows Hello, and printed the image using a laser printer.

Recommended Videos

Typically, Enhanced Anti-Spoofing isn’t toggled on by default. On Windows 10 Pro and Enterprise, you can load up the Local Group Policy Editor and enable the feature by navigating to Administrative Templates > Windows Components > Biometrics > Facial Features. In Windows 10 Home, you can turn it on by editing the registry. But regardless of the Windows version, the camera must still provide support on a hardware level.

The proof-of-concept hack relies on the Dell Latitude E7470 with a LilBit USB camera. When testing with Windows 10 versions 1709, 1703, 1607, and 1511, the researchers were even able to break into the laptop with Enhanced Anti-Spoofing turned on.

Meanwhile, Microsoft’s Surface Pro 4 supports Enhanced Anti-Spoofing on a hardware level. With the feature enabled, the researchers couldn’t get into Windows 10 versions 1709 and 1703, but they did access the device on Windows 10 version 1607.

“In the spring of 2018 we will publish further results and details of our research project, for example on different variations of the attack,” Syss reports. “For example, our proof-of-concept video ‘Biometrics: Windows Hello Face Authentication Bypass PoC II’ shows two variants of the spoofing attack using different means.”

The takeaway from this discovery is that if your device doesn’t support Enhanced Anti-Spoofing on a hardware level, then it’s susceptible to photo-based access on all versions of Windows 10. If the device does support Enhanced Anti-Spoofing, then you should upgrade the platform to 1703 at the very least (1709 is the latest).

Of course, the second takeaway is that to gain access, you need a compatible, hard-to-acquire photo of the device owner. The proof of concept, as shown in the video above, relies on someone enabling facial recognition on the Surface Pro 4, and then converting what appears to be the same image to a near-IR form on a second PC. Using that second PC, he printed out the image at a 340 × 340 resolution, and successfully unlocked the Surface Pro 4.

Windows 10 device owners may want to remain somewhat wary about facial recognition for now. Even Apple’s Face ID technology on the recent iPhone X isn’t exactly perfect, and can even succumb to children who closely resemble iPhone X owners. That said, fingerprint scanners still appear to be the best option for gaining access to Windows 10 without the need for a password or PIN.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Gemini Spark hits Mac, and it might just become your new favorite assistant
From messy downloads to date night reservations, Spark is here to lighten your load.
Gemini Spark mac app

Google has just announced a big batch of updates for Gemini Spark, making the assistant far more useful than before. Gemini Spark is finally coming to the Mac desktop app, bringing deeper app connections and a new way to keep tabs on what you care about. Let us break it down.

What can Spark do on your Mac now?

Read more
You’ll be able to use Claude Fable 5 again starting July 1
Anthropic has received a green light from the US government to restore the AI Model, weeks after a security researcher found a way around its safeguards that triggered the shutdown.
Laptop running Claude Fable

Anthropic is restoring full access to Claude Fable 5 starting tomorrow, weeks after a US government directive forced the company to suspend the model for all users. The government order arrived on June 12 and required Anthropic to block foreign nationals from using Fable 5 and its more capable Mythos 5 model. Since the rule took effect immediately and Anthropic had no way to verify a user's nationality in real time, the company suspended both models entirely rather than risk a violation.

What triggered the shutdown

Read more
Claude’s Sonnet 5 is built to do more on its own and cost you less
Better than its predecessor, nearly as good as the flagship, and meaningfully cheaper than both.
Art, Floral Design, Graphics

Every major AI lab is racing to prove its models can work autonomously with minimal hand-holding; we’re now seeing pricing emerge as the next battleground. 

Anthropic just fired its latest shot, Claude Sonnet 5, a model the company says performs nearly as well as its flagship Opus 4.8 at a fraction of the cost.

Read more