Older Windows 10 devices susceptible to Windows Hello face spoofing

Two researchers recently discovered that anyone can bypass Windows Hello’s facial recognition in older versions of Windows 10. At the root of the issue are infrared cameras that don’t support Enhanced Anti-Spoofing, which essentially helps prevent anyone from walking up to your PC and using a printed photo to gain unauthorized access.

According to the researchers, devices upgrading from Windows 10 versions 1511 and 1607 using hardware that doesn’t support Enhanced Anti-Spoofing are vulnerable to their photo-based approach. This method relies on a head-on shot of the device owner in a near-infrared state. They also manually changed the brightness and contrast levels to meet the requirements of Windows Hello, and printed the image using a laser printer.

Typically, Enhanced Anti-Spoofing isn’t toggled on by default. On Windows 10 Pro and Enterprise, you can load up the Local Group Policy Editor and enable the feature by navigating to Administrative Templates > Windows Components > Biometrics > Facial Features. In Windows 10 Home, you can turn it on by editing the registry. But regardless of the Windows version, the camera must still provide support on a hardware level.

The proof-of-concept hack relies on the Dell Latitude E7470 with a LilBit USB camera. When testing with Windows 10 versions 1709, 1703, 1607, and 1511, the researchers were even able to break into the laptop with Enhanced Anti-Spoofing turned on.

Meanwhile, Microsoft’s Surface Pro 4 supports Enhanced Anti-Spoofing on a hardware level. With the feature enabled, the researchers couldn’t get into Windows 10 versions 1709 and 1703, but they did access the device on Windows 10 version 1607.

“In the spring of 2018 we will publish further results and details of our research project, for example on different variations of the attack,” Syss reports. “For example, our proof-of-concept video ‘Biometrics: Windows Hello Face Authentication Bypass PoC II’ shows two variants of the spoofing attack using different means.”

The takeaway from this discovery is that if your device doesn’t support Enhanced Anti-Spoofing on a hardware level, then it’s susceptible to photo-based access on all versions of Windows 10. If the device does support Enhanced Anti-Spoofing, then you should upgrade the platform to 1703 at the very least (1709 is the latest).

Of course, the second takeaway is that to gain access, you need a compatible, hard-to-acquire photo of the device owner. The proof of concept, as shown in the video above, relies on someone enabling facial recognition on the Surface Pro 4, and then converting what appears to be the same image to a near-IR form on a second PC. Using that second PC, he printed out the image at a 340 × 340 resolution, and successfully unlocked the Surface Pro 4.

Windows 10 device owners may want to remain somewhat wary about facial recognition for now. Even Apple’s Face ID technology on the recent iPhone X isn’t exactly perfect, and can even succumb to children who closely resemble iPhone X owners. That said, fingerprint scanners still appear to be the best option for gaining access to Windows 10 without the need for a password or PIN.

Computing

The May 2019 update for Windows 10 is live. Here’s how to get your hands on it

Launched this week, Microsoft's May 2019 update for Windows 10 releases a slew of new features, primarily simple and powerful security tools, for home and enterprise users. You can get your hands on these tools by installing the new update…
Computing

Keep your kids safe online with these great parental control tools

The internet can be a dangerous place, especially for your loved ones. Check out our selection of the best free parental control software for Windows and MacOS, so you can monitor your child and block unsavory sites.
Computing

The 2019 MacBook Pro is an impressive performance update, but not much else

With increased competition from Windows laptops, Apple could do with refreshing its MacBook Pro line. Fortunately, it looks set to do that in 2019. Here's everything we know so far.
Computing

Windows 10 notifications driving you crazy? Here's how to get them under control

Are the notifications on Windows 10 annoying you? Here's our guide on how to turn off notifications in Windows, and how to manage alerts so that the important stuff still gets through.
Computing

Here’s how to watch AMD reveal its new Ryzen chips at Computex

AMD will hold a pre-Computex keynote May 27 to announce its new line of 3rd-generation Ryzen processors and accompanying Radeon Navi graphics cards. Here's how to watch the keynote live wherever you are in the world.
Computing

Should you buy a MacBook Pro or a Razer Blade Stealth? We'll help you decide

Laptop head to heads are a great way to see which one might be the right one for you. Our latest sees the Razer Blade Stealth (2019) vs. MacBook Pro in a fight to see which one deserves to be your next laptop.
Computing

Microsoft might finally embrace USB-C on next-gen Surface Pro 7

USB-C could finally come to Microsoft's Surface Pro tablet. According to a Microsoft patent filing, the port was shown in an illustration, suggesting that the company is working to support this feature in the future.
Computing

AMD's latest Navi graphics cards are incoming. Here's what to expect

AMD's Navi graphics cards could be available as soon as July 2019 — as long as it's not delayed by stock problems. Billed as a successor to Polaris, Navi promises to deliver better performance to consoles like Sony's PlayStation 5.
Computing

Ryzen 3000 chips will pack a punch, and could launch as early as July

AMD's upcoming Ryzen 3000 generation of CPUs could be the most powerful processors we've ever seen, with higher core counts, greater clock speeds, and competitive pricing. Here's what we know so far.
Mobile

Want to watch Netflix in bed or browse the web? We have a tablet for everyone

There’s so much choice when shopping for a new tablet that it can be hard to pick the right one. From iPads to Android, these are our picks for the best tablets you can buy right now whatever your budget.
Deals

The best Amazon Prime Day 2019 deals: Everything you need to know

Amazon Prime Day 2019 is still a few months off, but it's never too early to start preparing. We've been taking a look at the best discounts from previous Prime Days to give you our predictions of what to expect this year.
Computing

Here’s how to watch the Nvidia Computex 2019 press conference

Here’s everything you need to know about Nvidia’s upcoming press conference at Computex 2019 in Taipei, Taiwan; including what to expect during the press conference and how and when to watch it.
Deals

Best Memorial Day sales 2019: Amazon, Best Buy, and Walmart deals

If you're looking to save big on some shiny new stuff for Memorial Day 2019, we've gathered everything you need to know into one place. Find out where to save the most money before the summer hits its stride.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Tricked-out e-scooters and bike lights that lock

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it's fun to gawk!