Hackers can get past Windows Hello face recognition on older versions of Windows 10 by using a printed photograph, a German security outfit has discovered.
Syss discovered the flaw in Windows 10 PCs running versions that are older than the Fall Creators Update.
The surprising thing is that even relatively low resolution laser-printed photos of the user, taken with a near-IR (infrared) camera, could be used to fool the login screen, the firm claims, although this will require some manipulation.
The exploit circumvents Windows Hello security. If you log into your PC using facial recognition on Windows 10, then you should be aware that it's not only older versions of Microsoft's OS that can be fooled; machines running the Fall Creators Update could also potentially fall victim to the vulnerability, Syss said, if facial recognition was set up in a previous version of the OS.
Basically, you'll need to set up Windows Hello again on your device to dodge the exploit completely.
The researchers published a series of proof of concept videos to prove their point.
The news of the flaw follows the release last month of Microsoft's latest set of guidelines for Windows 10 customers, which set out a list of requirements that they should follow in order to ensure that their device is "highly secure".
Microsoft's first piece of advice was that 'Systems must be on the latest, certified silicon chip for the current release of Windows'; a list that includes Intel's 7th-generation Intel Core i3, i5, i7, i9, M3, and Xeon processors, as well as current Intel Atom, Celeron and Pentium processors.
This meant that Microsoft was basically admitting that its own Surface Pro 4 device, which is powered by a 6th-gen Intel Core chip, doesn't meet its own security standards.