Windows Hello fooled with a photo

Several publications report that the Windows 10 face recognition feature is among the most secure available.

But it turns out that Windows Hello can be fooled with a simple photo, just like Apple's Face ID.

The vulnerability was announced by the German security company Syss on Full Disclosure.

According to the researchers, even if you have installed all the latest updates for builds 1703 or 1709, face recognition has to be set up again from scratch to be resistant to the attack.

The "simple spoofing attacks" described in the researchers' announcement are all variations on the use of a "modified photo of an authorized user." So with a simple photo an attacker can unlock a locked Windows 10 system.

The default Windows Hello config has "enhanced anti-spoofing" enabled, says Syss.

If enhanced anti-spoofing is enabled, depending on the version of Windows 10, a slightly different modified photo should be used, but for an attacker the effort is negligible.

The researchers tested the attack on a Dell Latitude running Windows 10 Pro (build 1703), and also on a Surface Pro 4 running build 1607.

The researchers tried to switch the Surface Pro to the "enhanced anti-spoofing" setting, but report that the "LilBit USB IR camera only supports the default setting and can not be used with more secure face recognition settings".
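To check a machine against the points above, the following PowerShell audit is an added example and not code from Syss or from the original article. It assumes the standard Windows policy value `EnhancedAntiSpoofing` written by the "Configure enhanced anti-spoofing" Group Policy; the function name `Get-HelloFaceAudit` is hypothetical.

```powershell
# Added example: audit the Windows Hello face settings discussed in the article.
# Get-HelloFaceAudit is a hypothetical name, not a built-in cmdlet.
function Get-HelloFaceAudit {
    [CmdletBinding()]
    param()

    # Windows 10 feature release (for example 1607, 1703, 1709) as recorded by the OS.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $release = 0
    [void][int]::TryParse([string]$cv.ReleaseId, [ref]$release)

    # Value written by the "Configure enhanced anti-spoofing" Group Policy.
    # A missing key or value means the policy is not configured.
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures'
    $policy = Get-ItemProperty -Path $policyPath -Name 'EnhancedAntiSpoofing' `
                               -ErrorAction SilentlyContinue
    $enforced = ($null -ne $policy) -and ($policy.EnhancedAntiSpoofing -eq 1)

    $findings = @()
    if ($release -lt 1703) {
        # The article names 1703 and 1709 as the builds that received updates.
        $findings += "Release $release is older than the updated builds 1703/1709."
    }
    if (-not $enforced) {
        $findings += 'Enhanced anti-spoofing is not enforced by policy.'
    }
    # Two points from the article that the registry cannot confirm.
    $findings += 'Manual check: face recognition was set up again after updating.'
    $findings += 'Manual check: the IR camera supports enhanced anti-spoofing.'

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        ReleaseId            = $release
        EnhancedAntiSpoofing = $enforced
        Findings             = $findings
    }
}

Get-HelloFaceAudit | Format-List
```

The policy value only shows that the setting is requested; as the Surface Pro test above shows, a camera that supports only the default setting cannot use it.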

The researchers released the following three videos as PoC:


Written by giorgos
