Older Windows 10 devices susceptible to Windows Hello face spoofing

Two researchers recently discovered that anyone can bypass Windows Hello’s facial recognition in older versions of Windows 10. At the root of the issue are infrared cameras that don’t support Enhanced Anti-Spoofing, which essentially helps prevent anyone from walking up to your PC and using a printed photo to gain unauthorized access.

According to the researchers, devices upgrading from Windows 10 versions 1511 and 1607 using hardware that doesn’t support Enhanced Anti-Spoofing are vulnerable to their photo-based approach. This method relies on a head-on shot of the device owner in a near-infrared state. They also manually changed the brightness and contrast levels to meet the requirements of Windows Hello, and printed the image using a laser printer.

Typically, Enhanced Anti-Spoofing isn’t toggled on by default. On Windows 10 Pro and Enterprise, you can load up the Local Group Policy Editor and enable the feature by navigating to Administrative Templates > Windows Components > Biometrics > Facial Features. In Windows 10 Home, you can turn it on by editing the registry. But regardless of the Windows version, the camera must still provide support on a hardware level.

The proof-of-concept hack relies on the Dell Latitude E7470 with a LilBit USB camera. When testing with Windows 10 versions 1709, 1703, 1607, and 1511, the researchers were even able to break into the laptop with Enhanced Anti-Spoofing turned on.

Meanwhile, Microsoft’s Surface Pro 4 supports Enhanced Anti-Spoofing on a hardware level. With the feature enabled, the researchers couldn’t get into Windows 10 versions 1709 and 1703, but they did access the device on Windows 10 version 1607.

“In the spring of 2018 we will publish further results and details of our research project, for example on different variations of the attack,” Syss reports. “For example, our proof-of-concept video ‘Biometrics: Windows Hello Face Authentication Bypass PoC II’ shows two variants of the spoofing attack using different means.”

The takeaway from this discovery is that if your device doesn’t support Enhanced Anti-Spoofing on a hardware level, then it’s susceptible to photo-based access on all versions of Windows 10. If the device does support Enhanced Anti-Spoofing, then you should upgrade the platform to 1703 at the very least (1709 is the latest).

Of course, the second takeaway is that to gain access, you need a compatible, hard-to-acquire photo of the device owner. The proof of concept, as shown in the video above, relies on someone enabling facial recognition on the Surface Pro 4, and then converting what appears to be the same image to a near-IR form on a second PC. Using that second PC, he printed out the image at a 340 × 340 resolution, and successfully unlocked the Surface Pro 4.

Windows 10 device owners may want to remain somewhat wary about facial recognition for now. Even Apple’s Face ID technology on the recent iPhone X isn’t exactly perfect, and can even succumb to children who closely resemble iPhone X owners. That said, fingerprint scanners still appear to be the best option for gaining access to Windows 10 without the need for a password or PIN.

Deals

Looking for a Chromebook? The Google PixelBook just got a $200 price cut

Once relatively obscure, Chromebooks have come into their own in a big way in recent years. One of our favorites is the super-sleek Google Pixelbook, and it's on sale right now from Amazon for $200 off, letting you score this premium laptop…
Computing

Get the most out of your high-resolution display by tweaking its DPI scaling

Windows 10 has gotten much better than earlier versions at supporting today's high-resolution displays. If you want to get the best out of your monitor, then check out our guide on how to adjust high-DPI scaling in Windows 10.
Computing

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up Speech Recognition in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.
Computing

Still miss Windows 7? Here's how to make Windows 10 look more like it

There's no simple way of switching on a Windows 7 mode in Windows 10. Instead, you can install third-party software, manually tweak settings, and edit the registry. We provide instructions for using these tweaks and tools.
Computing

Problems with installing or updating Windows 10? Here's how to fix them

Upgrading to the newest version of Windows 10 is usually a breeze, but sometimes you run into issues. Never fear though. Our guide will help you isolate the issue at hand and solve it in a timely manner.
Mobile

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.
Computing

Nvidia’s GTX 1650 graphics card could be just a slight upgrade over the 1050 Ti

Rumors suggest Nvidia might soon launch the GTX 1650, and a leaked benchmark listing from Final Fantasy XV suggests that the new graphics card could be just a slight upgrade over last generation's GTX 1050 Ti. 
Computing

Get ready to say goodbye to some IFTTT support in Gmail by March 31

If This Then That, the popular automation service, will drop some of its support for Gmail by March 31. The decision comes as a response to security concerns and is aimed to protect user data.
Computing

Get the new Dell XPS 13 for $750 with this limited-time deal

Dell is currently running a limited time deal lasting through Thursday, March 28, where you can bring home a version of this year's new XPS 13 for around $750 with the use of a special coupon code. 
Mobile

This is the easiest way to save your iPhone data to your computer

Living in fear of losing your contacts, photos, messages, and notes on your iPhone? Fear no more -- in this guide, we'll break down exactly how to back up your iPhone to your computer using Apple's iTunes or to the cloud with iCloud.
Mobile

Here are the best iPad Pro keyboard cases to pick up with your new tablet

The iPad Pro range can double as laptops, but they do need proper keyboards to fill in effectively. Thankfully, there are loads to choose from and we rounded up the best iPad Pro keyboard cases right here.
Computing

Microsoft’s Clippy came back from the dead, but didn’t last very long

Before Cortana, Alexa, and Siri even existed, Microsoft Clippy dominated the screens of computers in the 1990s to help assist Microsoft Office users when writing letters. He recently made a bit of a comeback only to die off again.
Computing

Nvidia faces attacks from AMD, Intel, and even Google. Should it be worried?

Nvidia announced an expanded array of RTX server solutions designed to leverage the power of ray-tracing at GTC 2019. The effort will help Nvidia take on Google's Stadia in game streaming with GeForce Now, and the company's investments in…
Computing

How 5G networks will make low-latency game streaming a reality

Faster speeds and more bandwidth are some of the many promises that 5G can deliver, but for gamers, the most important thing is low latency. To achieve low latency, carriers like AT&T and Verizon are exploring hybrid models for game…