Last Updated on January 30, 2020 by Mathew Diekhake

It turns out that Microsoft’s facial recognition feature, available on some selected devices that run Windows 10, isn’t as secure as first thought.

If you’ve ever walked away from your Windows 10 computer that’s compatible with facial recognition and felt a little vulnerable, it turns out you weren’t as paranoid as you might have assumed. News has surfaced of Microsoft releasing a patch for a vulnerability in the Windows Hello facial recognition system in Windows 10, and it means those of you running software from before the patch’s release can have your computers hacked simply by someone putting a photo of you in front of the computer to trick Windows Hello into thinking it’s the real you.

Many people have wondered what secret Microsoft has up its sleeve for getting Windows Hello to lock others out while at the same time unlocking quickly for the right person. Many experts have suggested that the trick is in the eyes more so than any other part of the face, with the camera assessing all the unique things that make up your complete eye. That view surfaced after people worked out that Windows Hello unlocks much quicker when you’re looking directly into the camera lens that’s trying to check you out.

Whatever the secret is, it has had a high success rate of locking unfamiliar faces out of the operating system whenever called upon. That was until German pen-testing company SySS GmbH recently discovered that Windows Hello could be tricked: they placed a photo of a person in front of the camera and hoped for the best . . . and it worked.

The photo that did the trick was just a regular picture, a color laser printout of the man who had set up the computer to unlock when it sees his real face. Given how basic the picture was, those still running susceptible versions of Windows 10 could quite easily fall victim to the same kind of attack should a lurking hacker want to get inside a computer.

Microsoft has already rolled out patches for this Windows Hello vulnerability, but the software updates have only rolled out for Windows 10 versions 1703 and 1709 and not for any of the earlier versions. That means if you’re still running a version of Windows 10 below those, such as the previous 16XX software updates, the hack will continue to work.

After it came to light that Microsoft planned to always roll out automatic updates for everyone, many people didn’t like the idea and decided to take matters into their own hands and find methods for stopping the updates. Thus, there are likely many people out there who are still running versions of Windows 10 that are susceptible to these types of attacks.

The problem won’t be as widespread as it might have been, though, since Windows Hello uses IR technology that is only available on a small range of devices; the rest don’t meet the hardware requirements for it to run and therefore never got the chance to use the usually handy facial recognition technology. Still, if you are someone who has stopped software updates in the past, you might want to venture into the Settings application and make sure that you are now accepting Windows updates automatically so Microsoft can look after your computers and patch any known vulnerabilities such as these.
