Hackers Got Past Windows Hello by Tricking a Webcam
Biometric authentication is a key piece of the tech industry’s plans to make the world passwordless. But a new method for duping Microsoft’s Windows Hello facial recognition system shows that a little hardware fiddling can trick the system into unlocking when it shouldn’t.
Services like Apple’s FaceID have made facial recognition authentication more commonplace in recent years, with Windows Hello driving adoption even farther. Apple only lets you use FaceID with the cameras embedded in recent iPhones and iPads, and it’s still not supported on Macs at all. But because Windows hardware is so diverse, Hello facial recognition works with an array of third-party webcams. Where some might see ease of adoption, though, researchers from the security firm CyberArk saw potential vulnerability.