Windows Hello is Microsoft’s biometric authentication solution, and, being password-less technology, Windows Hello provides people with a more convenient authentication experience compared with the traditional password technique. In addition, it promises better security.
In a recently published talk, At the Blackhat conference however Omer Tsarfati, Security Researcher at CyberArk, showed that an attacker can bypass Windows Hello using an external crafted USB device.
In a 30 minute presentation, he discusses how facial recognition authentication works, how to trick the Windows Hello engine with a modified USB device, and how to capture the relevant picture frames for bypassing the login phase.
In addition, he shows how their findings can affect other biometrical authentication across other devices and systems.
Watch the presentation below: