Microsoft Windows Face Authentication Bypassed with a Spoofed Photo

Windows 10 provides Face Authentication technology with specific Windows “Hello compatible cameras,” it uses a camera exceptionally designed for close infrared (IR) imaging to authenticate and unlock Windows devices as well as unlock your Microsoft Passport.

Due to insecure implementation in face recognition in Windows 10 versions, security researchers show it is possible to bypass the Authentication with a modified printed photo.

With the modified photo of an authorized person, an unauthorized user can log in to the locked windows system as a spoofed authorized user.

The vulnerability resides in both with default Windows Hello configuration and windows hello configuration with anti-spoofing enabled.

Researchers demonstrated the vulnerability with laptop and Microsoft Surface Pro 4 device that running Windows 10 Pro.

For example, the spoofing attack performed against a laptop device (Dell Latitude E7470) running Windows 10 Pro (Version 1703) with a Windows Hello compatible webcam [3] and against a Microsoft Surface Pro 4 device [4] running Windows 10 Pro (Version 1607) with the built-in camera,researchers said.

Affected Version(s):
Windows 10 Pro (Version 1709, OS Build 16299.19)
Windows 10 Pro (Version 1703, OS Build 15063.726)
Windows 10 Pro (Version 1703, OS Build 15063.674)
Windows 10 Pro (Version 1703, OS Build 15063.483)
Windows 10 Pro (Version 1607, OS Build 14393.1914)
Windows 10 Pro (Version 1607, OS Build 14393.1770)
Windows 10 Pro (Version 1511, OS Build 10586.1232)

Once again the facial verification failed, last month researchers proved that iPhone X Face ID could be bypassed with a 3D printed mask. Later on, A Women in China was able to unlock iPhone X through her friend facial recognition ID without using any 3D print hardware and face mask.