The flaw, discovered by researchers at Syss (via The Register) allows Windows Hello to be spoofed on Windows 10 releases older than the Creators Update (build 1703). However, even if your PC is currently running the Creators Update or Falls Creators Update, facial recognition needs to be set up again to circumvent the flaw.
Matthias Deeg and Philipp Buchegger, the researchers who discovered the attack, say that Windows Hello can be fooled by using printed photos of an authorized user that has been modified. Using a frontal photo taken with a near-infrared camera, facial recognition on the affected Windows 10 versions could be fooled. Deeg and Buchegger tested the spoofing attack with Windows Hello's standard setup, as well as with "enhanced anti-spoofing" enabled, and were able to bypass both. From the report:
Both, the default Windows Hello configuration and Windows Hello with the enabled "enhanced anti-spoofing" feature on different Windows 10 versions are vulnerable to the described spoofing attack and can be bypassed. If "enhanced anti-spoofing" is enabled, depending on the targeted Windows 10 version, a slightly different modified photo with other attributes has to be used, but the additional effort for an attacker is negligible. In general, the simple spoofing attack is less reliable when the "enhanced anti-spoofing" feature is enabled.
While worrying, the attack requires a pretty specific set of steps to work. The best way to stay protected is to make sure you're PC is current with either the Creators Update or Fall Creators Update. Once updated, you'll want to set up Windows Hello's face recognition from scratch to guard against spoofing.
You can view demonstrations of the exploit in action in the videos below.
Thanks, Daniel, for the tip!
Review: Razer's Hammerhead True Wireless Pro deliver THX and ANC for gamers
If you're looking for really good wireless earbuds and also happen to like mobile gaming, the new Razer Hammerhead True Wireless Pro is what you need. Featuring THX audio, ANC, low-latency streaming, and excellent comfort, there's a lot to like. Here's what we think of them after a week of using them with iOS and Android.
The Razer Tomahawk is small in stature, but mighty in power
Razer has a new gaming PC on the scene, and this time it's a compact desktop. The Razer Tomahawk Gaming Desktop uses a variation of the Tomahawk case to bring a modular, powerful PC that's designed to take up very little of your desk space.
Found out when Cyberpunk 2077 releases in your area on PC and console
Cyberpunk 2077 is really almost here, and CD Projekt RED has revealed the exact release times for local areas on PC and console, as well as pre-load information.
These are the best PC sticks for when you're on the move
Instant computer, just add a screen! That’s the general idea of the ultra-portable PC Compute Sticks, but it can be hard to know which one you want. Relax, we’ve got you covered.