Saturday, December 14, 2024
HomeSecurity NewsMicrosoft Windows Face Authentication Bypassed with a Spoofed Photo

Microsoft Windows Face Authentication Bypassed with a Spoofed Photo

Published on

SIEM as a Service

Windows 10 provides Face Authentication technology with specific Windows “Hello compatible cameras,” it uses a camera exceptionally designed for close infrared (IR) imaging to authenticate and unlock Windows devices as well as unlock your Microsoft Passport.

Due to insecure implementation in face recognition in Windows 10 versions, security researchers show it is possible to bypass the Authentication with a modified printed photo.

With the modified photo of an authorized person, an unauthorized user can log in to the locked windows system as a spoofed authorized user.

- Advertisement - SIEM as a Service

The vulnerability resides in both with default Windows Hello configuration and windows hello configuration with anti-spoofing enabled.

Researchers demonstrated the vulnerability with laptop and Microsoft Surface Pro 4 device that running Windows 10 Pro.

For example, the spoofing attack performed against a laptop device (Dell Latitude E7470) running Windows 10 Pro (Version 1703) with a Windows Hello compatible webcam [3] and against a Microsoft Surface Pro 4 device [4] running Windows 10 Pro (Version 1607) with the built-in camera,researchers said.

Affected Version(s):
Windows 10 Pro (Version 1709, OS Build 16299.19)
Windows 10 Pro (Version 1703, OS Build 15063.726)
Windows 10 Pro (Version 1703, OS Build 15063.674)
Windows 10 Pro (Version 1703, OS Build 15063.483)
Windows 10 Pro (Version 1607, OS Build 14393.1914)
Windows 10 Pro (Version 1607, OS Build 14393.1770)
Windows 10 Pro (Version 1511, OS Build 10586.1232)

Once again the facial verification failed, last month researchers proved that iPhone X Face ID could be bypassed with a 3D printed mask. Later on, A Women in China was able to unlock iPhone X through her friend facial recognition ID without using any 3D print hardware and face mask.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...

New Android Banking Malware Attacking Indian Banks To Steal Login Credentials

Researchers have discovered a new Android banking trojan targeting Indian users, and this malware...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Poison Ivy APT Launches Continuous Cyber Attack on Defense, Gov, Tech & Edu Sectors

Researchers uncovered the resurgence of APT-C-01, also known as the Poison Ivy group, an...

Hackers Can Secretly Access ThinkPad Webcams by Disabling LED Indicator Light

In a presentation at the POC 2024 conference, cybersecurity expert Andrey Konovalov revealed a...