Windows Hello’s facial recognition system is vulnerable to hackers

The findings argue that potential hackers can break into the system easily


Facial recognition and other forms of biometric authentication are common nowadays. Along with the advantages of such systems come a whole lot of possible risks. Researchers try to minimize the possible security threats, and the systems are updated regularly as issues are found. Microsoft’s Windows Hello uses facial recognition and supports a wide range of webcams for this. The security firm CyberArk has recently found a new method of duping Windows Hello that lets them get past the facial recognition.

The firm’s findings strengthen the view that simple hardware tampering can break through even a very efficient system like Microsoft’s. Windows Hello facial recognition makes use of infrared-enabled webcams which also have RGB sensors. It has been found that the system does not consider the RGB data. Because of this, an infrared image of the targeted face and a black frame could unlock the system. The infrared image makes the system believe that the person is present, and it therefore unlocks the device.

Microsoft has acknowledged the security issue and has already released patches. It has also asked users to enable “Windows Hello Enhanced Sign-in Security”. While Apple enables facial recognition only on selected cameras and devices, Microsoft’s Windows Hello has a considerable number of users worldwide.

Even though using an infrared image to break into the system sounds simple, in practice it is not. But the security firm argues that a dedicated hacker can do it very efficiently. The firm will present its findings at the Black Hat security conference in Las Vegas next month.