A trivial security bypass of Windows Hello with low-resolution facial images

Face recognition based on tens or hundreds of points would seem to be good protection of a computer against unauthorized access. German researchers from SySS GmbH showed that it is not. And it is not the same as a fingerprint, which can be printed from a photo found on the web and used as the fingerprint of a complete stranger.

In the published security report, Windows Hello was defeated using a simple home color laser printer and a low-resolution image of 340x340 pixels. However, this is not an ordinary picture: it has been modified so that the infrared spectrum is visible. The face authentication bypass "attack" on Windows Hello was effective even when the face login options had been further strengthened against fraud.

The attack is best shown in the videos recorded by Matthias Deeg and Philipp Buchegger.

The security update will be added to Windows 10 version 1709. You should also enable enhanced fraud protection in the Windows Hello settings.


