A flaw in Microsoft’s Windows 10 password-free authentication system has been discovered, which may allow an attacker to fake a picture of a person’s face in order to fool the facial-recognition system and gain control of a computer.
To exploit the Windows Hello bypass vulnerability, CVE-2021-34466, an attacker must have physical access to a device. They can then influence the authentication process by taking or reproducing a snapshot of the target’s face and then inserting a custom-made USB drive into the authenticating host to inject the faked photos.