You can bypass Windows Hello with a low-res printed photo
In a
report published yesterday, German pen-testing company SySS GmbH says it discovered that Windows Hello is vulnerable to the simplest and most common attack against facial recognition biometrics software — the doomsday scenario of using a printed photo of the device's owner.
Researchers say that by using a laser color printout of a low-resolution (340x340 pixels) photo of the device owner's face, modified to the near IR spectrum, they were able to unlock several Windows devices where Windows Hello had been previously activated.
The attack worked even if the "enhanced anti-spoofing" feature had been enabled in the Windows Hello settings panel, albeit for these attacks SySS researchers said they needed a photo of a higher resolution of 480x480 pixels (which in reality is still a low-resolution photo).