Windows 10 face authentication found to be fooled by a low-resolution color copy of an infrared photograph
Windows 10 includes a face authentication feature called Windows Hello that logs the user in by recognizing their face with the device's camera. A security research company has confirmed a weakness in it: the device can be unlocked by showing the camera a low-resolution color copy of a photograph processed to look like an infrared image.
SYSS-2017-027: Biometricks: Bypassing an Enterprise-Grade Biometric Face Authentication System / Pentest Blog
Windows 10 Facial Recognition Feature Can Be Bypassed with a Photo
Windows Hello is a feature that replaces ordinary password or fingerprint authentication by recognizing the user's face with a near-infrared sensor or similar hardware; it is available on certain Windows 10 PCs. When the German security research company SySS GmbH examined the feature, however, it found that the authentication could be fooled with a face photograph printed on paper, with the account owner nowhere near the device.
Depending on the Windows 10 version, Windows Hello face authentication uses a near-infrared camera and can additionally draw on data from the ordinary RGB camera to improve accuracy. Windows Hello also has an "enhanced anti-spoofing" option intended to block impersonation, but it is disabled by default and has to be enabled by the user or administrator. The option is, moreover, only available on a subset of compatible devices such as Microsoft's Surface Pro 4.
According to SySS GmbH, the feature could be bypassed when the following conditions were met:
- The target's face is photographed from directly in front
- The photograph is taken in the near-infrared range
- The image's brightness and contrast are adjusted
- The photograph is printed on a laser printer
The following video demonstrates the attack.
Biometricks 1/3: Windows Hello Face Authentication Bypass PoC I - YouTube
The test used a Surface Pro 4 running Windows 10 version 1607, with the enhanced anti-spoofing option turned on.
First, the user's face is enrolled on the PC so that it can be used to authenticate.
This is the image that was prepared: a photograph made to imitate an infrared photograph, printed on a laser printer at a low resolution of just 340 × 340 pixels.
Holding this printout up to the Surface Pro's camera ...
... the lock was released and the desktop was displayed.
The lock was also released with a black-and-white photograph of the face, even one that had been colored over in red with a crayon.
SySS also tested the newer Windows 10 version 1709.
Security has been improved in this version, but it could still be bypassed using the same picture scaled up to 480 × 480 pixels.
In this way, the device was unlocked with a printed photograph.
When a piece of translucent tape was stuck over the RGB camera and the test repeated ...
... it took longer, but face authentication relying on the infrared camera alone could still be bypassed.
According to SySS, on the latest Windows 10 versions, 1703 and 1709, the printed-photograph spoofing attack described above no longer succeeds once the enhanced anti-spoofing option that uses the infrared camera is enabled. The company therefore recommends that anyone using Windows Hello face authentication update Windows 10 to version 1709 or later, enable enhanced anti-spoofing, and then set up Windows Hello face authentication again from scratch, since a face enrolled before the option was enabled is not covered.
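The recommendation above (version 1709 or later, enhanced anti-spoofing on, face re-enrolled) can be audited and enforced from an elevated PowerShell prompt. The script below is an added example, not code from SySS or from the article; it reads the Windows release from the CurrentVersion registry key and checks the value behind the Group Policy "Configure enhanced anti-spoofing" (Computer Configuration > Administrative Templates > Windows Components > Biometrics > Facial Features), which is stored as the EnhancedAntiSpoofing DWORD under HKLM\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures. The function names are this example's own.

```powershell
# Added example (not from SySS or the original article): audit and enforce the
# mitigations the advisory recommends on a Windows 10 machine.
# Run from an elevated (administrator) PowerShell prompt.

# 1. Windows 10 version. SySS bypassed 1607; the remediation requires 1709 or later.
$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$release = [int]$cv.ReleaseId
Write-Host "Windows 10 version $release (build $($cv.CurrentBuild))"
if ($release -lt 1709) {
    Write-Warning "Version $release is older than 1709: update before relying on Windows Hello face authentication."
}

# 2. Registry value behind the Group Policy 'Configure enhanced anti-spoofing'.
#    It is absent by default, which Windows treats as disabled.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures'
$valueName = 'EnhancedAntiSpoofing'

function Get-EnhancedAntiSpoofing {
    # Returns $null when the policy is not configured, otherwise the DWORD value.
    $item = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$valueName
}

function Enable-EnhancedAntiSpoofing {
    # Creates the policy key if needed and sets the value to 1 (enabled).
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $policyKey -Name $valueName -Value 1 -Type DWord
}

$before = Get-EnhancedAntiSpoofing
if ($null -eq $before) {
    Write-Warning "Enhanced anti-spoofing is not configured (default: off)."
} elseif ($before -eq 1) {
    Write-Host "Enhanced anti-spoofing is already enabled."
} else {
    Write-Warning "Enhanced anti-spoofing is explicitly disabled (value $before)."
}

if ($before -ne 1) {
    Enable-EnhancedAntiSpoofing
    Write-Host "Enabled enhanced anti-spoofing (now $(Get-EnhancedAntiSpoofing))."
    # Per the advisory, a face enrolled before the option was turned on is not
    # protected: remove it and enrol again under Settings > Accounts > Sign-in options.
    Write-Host "Remove and re-enrol the Windows Hello face to apply the setting to the enrolled template."
}
```

Two caveats a practitioner should keep in mind: the setting only takes effect on hardware that supports the enhanced mode (the article notes it is limited to compatible devices such as the Surface Pro 4), and writing the policy key directly is equivalent to setting it through gpedit.msc but will be overwritten by any domain Group Policy that configures the same setting, so in a managed environment deploy it through GPO or your MDM rather than a local script.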