Top Nav

Facial Recognition Hacking: Can You Trick Windows Hello with a Photo?

Earlier this week, Andre showed us how to set up Windows Hello so you can sign into Windows 10 using your face. Reading that post, it made me think of two things immediately.

First, was Adele.

Next, was Space Quest III: The Pirates of Pestulon.

Space Quest was made by Sierra in the late 80s, but it’s set in the distant future in space. In the final chapter of the game, the hero Roger Wilco has to infiltrate the enemy base to rescue two game developers who have been imprisoned in lime Jello. Part of the plot involves foiling an access door that’s protected by a facial scanner. The solution? Hold up a color photo to the machine when it goes to authenticate your face.

In the game, this works perfectly. Which made me wonder:

Can you hack Windows Hello with a photograph?

Fortunately, Microsoft has had over two decades to work on this vulnerability that brought down the villains of ScumSoft.

You see, there’s a reason that you can’t use Windows Hello with just any old computer using any old camera. Windows Hello-supported devices use two cameras to create a 3D image of your face. It also uses infrared as part of its facial analysis. The infrared helps in low light situations, but most of all, it prevents spoofing with a cold, flat paper photo.

In this technical article on Windows Hello from Microsoft, you can see the infrared in action:

hacking windows hello

Or the lack of infrared action on a photo:

can you hack windows helllo face

The answer to the question of whether or not you can trick Windows Hello with something as primitive as a color photograph is “no.” Some people have suggested that you could use a 3D model of someone’s face to trick the camera, but then you’re left with the infrared challenge. So, I guess you could maybe microwave it a little bit and then…ah, forget it, just go hack someone else’s computer.

Conclusion: You Can’t Trick Microsoft Hello with a Picture

If you need further proof, watch Sean Ong on YouTube. He tries to unlock his Windows 10 PC with a photo and fails.

So, there you have it. If only the Pirates of Pestulon would’ve implemented infrared technology. Then ScumSoft may have gotten away with its evil plot after all.

More Reading:

, , ,

2 Responses to Facial Recognition Hacking: Can You Trick Windows Hello with a Photo?

  1. Steven May 26, 2017 at 7:55 am #

    Pretty cool.
    What about a test wearing a Jack Busch, over the head, look alike (probably rubber) mask?

    • Jack Busch June 4, 2017 at 1:42 am #

      As soon as someone makes one of those, I’ll give it a shot.

Leave a Reply

 

Free Learning

 

Don't miss a single tip, how to or tech news update. Subscribe to my free newsletter and receive updates, right to your inbox.

You have Successfully Subscribed!

7 Shares
Share3
Buffer2
Share1
+11
Tweet