By: Nick Gambino
A lot has been made about the new iPhone X and its robust facial recognition software known as Face ID. The system has proven to be very reliable and not easily fooled, if at all.
But that isn’t so for Windows 10’s face authentication system, Windows Hello. It seems it can be hacked using a printed photo much like the facial recognition system employed in Android phones. This is what sets Face ID apart from the competition – it can’t be fooled by simple amateur tricks.
The spoofing flaw in Windows 10 was discovered by German security firm SYSS in a series of tests on a Surface Pro 4. They found that if you held a printed photo of the user’s face up to the camera you can gain access quite easily.
Now before you become too concerned you should know there were certain parameters in place that allowed for such easy trickery.
First, the photo had to be printed using a near-IR camera and of course the angle must be a straight-on shot of the person’s face.
Second, this trick only worked on earlier versions of Windows 10 like the Anniversary Update from summer 2016. The newest Fall Creators Update with the anti-spoofing feature enabled were found to be more secure.
So what’s the solution to make sure your system is safe and free from easy unauthorized access? Well, it’s contained in that last paragraph. Update Windows 10 to the newest version, the Fall Creators Update to start. Then re-setup Windows Hello from scratch and make sure you enable the advanced anti-spoofing feature.
“According to our test results, the newer Windows 10 branches 1703 and 1709 are not vulnerable to the described spoofing attack by using a paper printout if the ‘enhanced spoofing’ feature is used with respective compatible hardware,” SYSS reported.
So there you have it. Another crisis averted. I’ll leave you with this: Stay safe, people and never fully trust machines. Unless it’s a matter of convenience, then you should totally trust machines. I mean, I don’t want you to have to inconvenience yourself.
ABOUT THE AUTHOR
Nick Gambino is a regular script writer and tech beat reporter for NewsWatch. He lives in Northern Virginia with his wife and daughter.
