Facial Recognition technology is gaining a lot of traction lately. It all begun with Microsoft introducing the Windows Hello followed by the recent debut of Face ID by Apple on the iPhone X. The first time I used a facial ID was on an HP laptop nearly ten years ago. The bad news, however, is that two security researchers have been able to bypass Windows Hello by simply using a printout of an image.
Windows Hello tricked by paper printout
Well, it seems that the Facial Recognition technology is not exactly foolproof and even Apple FaceID was tricked with a special 3D mast. For the uninitiated Windows Hello is a facial recognition technology that allows users to log into Windows 10 by using Face or even Iris recognition.
Proof of Concept
Matthias Deeg and Philipp Buchegger both IT security experts from German SySS GmBH have apparently succeeded in spoofing the Windows Hello Face biometric Authentication procedure. The worst part, however, is that all the attacker would need is a printout of the face of an authorized person.
That being said, the printout should ideally adhere to the following specifications,
- The photograph should have the face of the person in a frontal position
- Laser printer should be used
- The photo of the person should be taken in the near infrared range
As per the researchers, such printouts can be easily used to circumvent the Windows Hello Face Authentication. The attack was successful with different versions of Windows 10 with varying hardware and software configurations. For the sake of demonstration take a look at the Windows 10 versions that were tested on a Dell Latitude along with LilBit USB Camera
On the brighter side, the recent Windows 10 1703 and 1709 were not affected by the spoofing attack. This is probably due to the fact that both the versions of the operating system come equipped with “Enhanced Anti-Spoofing” functionality. The researchers will publish the study by Spring next year and until then you can have a look at the video of the demonstration.