The attack reportedly works against all versions of Windows that don’t have Hello’s enhanced anti-spoofing technology turned on (turning this on, which must be done manually, only works if the IR camera supports it.) The researchers also had to tweak the image, using colour or a higher resolution depending on the configuration they tried it against. whether the IR camera supports enhanced anti-spoofing.If Hello’s enhanced anti-spoofing is turned on.That’s the simple part of this vulnerability because the degree to which a specific Window PC is susceptible will depend on an interaction of three variables: In the proof-of-concept demo, this was printed at 340 x 340 on a colour laser printer after adjusting the brightness and contrast, and simply held up to a Dell Latitude with a LilBit USB near-IR camera connected to it. “You are the password,” is the catchy marketing slogan Microsoft used to launch its Windows 10 Hello face authentication system in 2015.Įxcept, according to researchers at German company SySS, a more accurate description might be: “you are the password – and so is a photograph of you.”Īs incredible as it sounds, the team found it could bypass Hello on multiple versions of Windows 10 simply be presenting a printed infrared (IR) photo of the system’s owner.
0 kommentar(er)
