Windows 10 warning - shock security risk for pcs discovered

Windows 10 users have been warned about a new security risk which could open PCs up to an attack. Microsoft’s flagship operating system can be hacked into via the Windows Hello facial

authentication system, cybersecurity experts have warned. Windows Hello lets users unlock their device simply with their face or with a fingerprint. But security researchers from German firm

SYSS managed to defeat the face scanning feature with a printed picture. The cybersecurity experts were able to defeat Windows Hello on Windows 10 systems that have not yet received the

Fall Creators Update. SYSS said on these systems a ”simple spoofing attack using a modified printed photo of an authorised person" can crack open Windows Hello. The researchers claim

this attack works against multiple versions of Windows 10 and on different hardware, ZDNet reported. SYSS tested the spoofing attack against a Dell Latitude with an LilBit USB camera and

against a Microsoft Surface Pro 4. These devices were running various versions of Windows 10, including one of the first releases, version 1511. The researchers said the attack was also

successful on version 1607, which is the Anniversary Update that was rolled out during summer 2016. The attack was successful on this version even when Microsoft’s enhanced anti-spoofing was

enabled. However, the attack only worked on the two Creators Update released this year when anti-spoofing was disabled. These updates fixed the exploit, however security researchers said

users may still be vulnerable if Windows Hello was set up on an older version of Windows 10. If that’s the case, then SYSS said Windows 10 users with Windows Hello enabled would have to go

into the settings and set it up all over again. To carry out the spoofing exploit, an attacker would need a printed picture of the authenticated user that was taken with an infrared camera.

In a post on Full Disclosure, SYSS wrote: "According to our test results, the newer Windows 10 branches 1703 and 1709 are not vulnerable to the described spoofing attack by using a

paper printout if the ‘enhanced anti-spoofing’ feature is used with respective compatible hardware. "Thus, concerning the use of Windows Hello face authentication, SYSS recommend

updating the Windows 10 operating system to the latest revision of branch 1709, enabling the ‘enhanced anti-spoofing’ feature, and reconfiguring Windows Hello face authentication

afterwards." HERE'S WHAT YOU SHOULD DO AFTER A WINDOWS 10 UPGRADE The news comes after Windows 10 users were put on alert after a security flaw was discovered that could see your

passwords stolen by cyber criminals. The warning revolves around a password manager that recently has been bundled in with some versions of Microsoft’s flagship OS. Google Project Zero

researcher Tavis Ormandy discovered the security risk after installing Windows 10 using a fresh image from Microsoft. He found that, as a result of the fresh Windows 10 install, Keeper

Password Manager was pre-installed on his PC. MICROSOFT Even if you update to the Windows 10 Fall Creators Update you could still be exposed When he tested the app, he found a browser plugin

the app prompted him to enable resulted in the terrifying bug. In a blog post he said the security flaw represented "a complete compromise of Keeper security, allowing any website to

steal any password." Ormandy installed Windows 10 using an image from Microsoft Developer Network (MSDN), meaning that it is meant for developers. However, Reddit users also claimed to

have received the vulnerable copy of Keeper after clean reinstalls and even on a brand new laptop. RELATED ARTICLES Speaking to Ars Technica, a Microsoft spokesperson said: "We are

aware of the report about this third-party app, and the developer is providing updates to protect customers.” The developers of Keeper Password Manager fixed the flaw 24 hours after Ormandy

privately reported the issue to them. The security flaw was addressed in version 11.4 which removed the vulnerable "add to existing" functionality.  Windows 10 users wouldn’t have

been vulnerable unless they had opened Keeper, entered their passwords and followed the promote to install the browser plugin.