Friday, September 13, 2024
HomeSecurity NewsMicrosoft Windows Face Authentication Bypassed with a Spoofed Photo

Microsoft Windows Face Authentication Bypassed with a Spoofed Photo

Published on

Windows 10 provides Face Authentication technology with specific Windows “Hello compatible cameras,” it uses a camera exceptionally designed for close infrared (IR) imaging to authenticate and unlock Windows devices as well as unlock your Microsoft Passport.

Due to insecure implementation in face recognition in Windows 10 versions, security researchers show it is possible to bypass the Authentication with a modified printed photo.

With the modified photo of an authorized person, an unauthorized user can log in to the locked windows system as a spoofed authorized user.

- Advertisement - EHA

The vulnerability resides in both with default Windows Hello configuration and windows hello configuration with anti-spoofing enabled.

Researchers demonstrated the vulnerability with laptop and Microsoft Surface Pro 4 device that running Windows 10 Pro.

For example, the spoofing attack performed against a laptop device (Dell Latitude E7470) running Windows 10 Pro (Version 1703) with a Windows Hello compatible webcam [3] and against a Microsoft Surface Pro 4 device [4] running Windows 10 Pro (Version 1607) with the built-in camera,researchers said.

Affected Version(s):
Windows 10 Pro (Version 1709, OS Build 16299.19)
Windows 10 Pro (Version 1703, OS Build 15063.726)
Windows 10 Pro (Version 1703, OS Build 15063.674)
Windows 10 Pro (Version 1703, OS Build 15063.483)
Windows 10 Pro (Version 1607, OS Build 14393.1914)
Windows 10 Pro (Version 1607, OS Build 14393.1770)
Windows 10 Pro (Version 1511, OS Build 10586.1232)

Once again the facial verification failed, last month researchers proved that iPhone X Face ID could be bypassed with a 3D printed mask. Later on, A Women in China was able to unlock iPhone X through her friend facial recognition ID without using any 3D print hardware and face mask.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hacker Tricks ChatGPT to Get Details for Making Homemade Bombs

A hacker known as Amadon has reportedly managed to bypass the safety protocols of...

Citrix Workspace App Vulnerable to Privilege Escalation Attacks

Citrix released a security bulletin (CTX691485) detailing two critical vulnerabilities in the Citrix Workspace...

Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT

A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign...

Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild

A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers....

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

A new critical vulnerability has been discovered in PDF.js, which could allow a threat...

LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series...

Email Header Analysis – Verify Received Email is Genuine or Spoofed

Email Header Analysis highly required process to prevent malicious threats since Email is...