Skip to main content

Windows Hello can be tricked with a printed photo

(Image credit: Photo credit: Anton Watman / Shutterstock)

Windows 10 users have been urged to up their security protection after researchers discovered a major flaw in one of Microsoft's software tools.

Experts from German security firm SYSS have claimed that the Windows Hello system, which allows logging in to devices using facial recognition, can be tricked into granting access.

According to the company, printed versions of a user's face can be enough to trick the tool on some systems.

The researchers claim that any Windows 10 device which has not yet installed Microsoft's recent Fall Creators Update could be at risk from what it calls a, "simple spoofing attack".

The flaw affects multiple different makes of hardware, with the team testing their claim on one of Microsoft's own Surface Pro 4 devices as well as others made by different manufacturers.

Microsoft has not yet responded to the claims, but SYSS says it plans to reveal more work on the attack next spring.

"According to our test results, the newer Windows 10 branches 1703 and 1709 are not vulnerable to the described spoofing attack by using a paper printout if the "enhanced anti-spoofing" feature is used with respective compatible hardware," SYSS wrote in a blog post picked up by The Register.

"Thus, concerning the use of Windows Hello face authentication, SYSS recommend updating the Windows 10 operating system to the latest revision of branch 1709, enabling the "enhanced anti-spoofing" feature, and reconfiguring Windows Hello face authentication afterwards."

Michael Moore
Michael Moore is News and Features Editor working across both ITProPortal and TechRadar Pro. He has worked as a technology journalist for more than five years, including spells at one of the UK's leading national newspapers. He is interested in hearing about all the latest news and developments across the Business IT world, and how companies are using new technology to help push forward their work and make their customer's lives easier.