or c) stop using such a stupid and insecure method for unlocking your device, especially before you are in a public office, you dolt.
My 4 year old daughter the other day, trying to avoid splitting a treat with her sister and instead get her own full treat (before having finished her vegetables, no less) pivoted almost immediately to:
“but [little sister] is so sweet and so funny and cute.” which left us momentarily scratching our heads at where she was going with it, until “She deserves her own treat, she shouldn’t have to share one with me.”
The answer is always both.
Intriguing story.
Thing is, the laptop shown is an HP running Win 10, and clearly has the dual camera setup required by Windows Hello:
Second camera is near IR, and used with an IR LED to provide consistent illumination. From the Microsoft page:
“Using IR also helps with spoofing because it helps prevent the most accessible attacks. For instance, IR doesn’t display in photos because it’s a different wavelength, and as you can see <on the linked page>, the images the images do not display in photos or on an LCD display.”
There was a proof of concept attack that allowed a photo to unlock the device, but this used a still taken with the same IR camera on the device (so a B+W image with very specific contrasts - but yes, this does seem to contradict the above point ). And even that has been mostly blocked by subsequent enhancements to Windows Hello since late 2017. (however older kit with simpler IR cameras still had the issue).
Just kids holding a campaign flyer up to the machine shouldn’t be sufficient… Think I’ll do some experiments on my Surface Pro 4 and see what I find!
Wait so you can fool facial recognition by just using a photo of someone??
This topic was automatically closed after 5 days. New replies are no longer allowed.