Windows 10 Big Brother Edition: Windows Hello Uses Your Camera Even If It's Disabled

[vissha]

Windows 10 Big Brother Edition: Windows Hello Uses Your Camera Even If It's Disabled

Windows Hello is Redmond's new biometric authentication app

You're probably aware of the whole privacy craze around Windows 10 these days and while Microsoft provides nothing more than basic statements to explain that users are allowed to choose what info to share and what to not, more criticism reaches the web to disclose the way the new OS can actually track you.

As far as the camera is concerned, Microsoft gives users the power to choose which apps can use their computer camera, thus making sure that no one watches them when working on their PCs without actually knowing it.

In fact, you can disable the camera completely for Windows 10 apps, but as reddit user dioxol-5-yl wrote, it's not all that simple.

Microsoft has a very interesting mention in the camera privacy FAQ, explaining that even if your camera is disabled in Windows 10, the new biometic authentication feature called Windows Hello still uses it. So you disable it, but it's still enabled.

“If you choose to turn on Windows Hello, it will use your camera to sign you in even if your camera setting is turned off. If Windows Hello is turned off, it can’t access your camera,” Microsoft explains.

It makes sense (at some level)

Many users are afraid that the camera could be used to spy on them (in the real way, since you can actually see what someone is doing live by accessing his camera), so it's no surprise that such a reference in the Windows 10 FAQ makes many raise an eyebrow.

But since Windows Hello is part of the OS, it makes sense at some level to let this app access the camera no matter what, especially if you want to use biometric authentication. So if you want Windows Hello, then your camera must be used.

Probably the only thing that Microsoft must change here is the way users are made aware of this thing. When disabling the camera, they have to know that Windows Hello can still use it and avoid all the accusations that the company is using the camera to spy on them.

Reddit usert therealhamster has an interesting story regarding this:

“The LED on my webcam was turning on every time I booted up windows 10 and it would stay on no matter what so I turned my webcam around to face the wall. Haven't bothered checking if it's still doing that though.”

If you want to control which apps access your camera, go over to Settings > Privacy > Camera. But you won't find Windows Hello in there, so to disable biometric authentication you must go to Settings > Accounts > Sign-in options.

Source-1 Source-2

Source-3

Source-4

[Batu69]

Microsoft's Windows Hello biometric secure authentication was first revealed back in March. We reported in more detail about the technology, which Microsoft claims is "much safer than traditional passwords," just over a month ago. At that time WinSuperSite published a demo showing the password-alternative system in action on a Windows 10 system equipped with an Intel RealSense camera.

Windows Hello uses asymmetric key cryptography technology combined with personal biometrics from your face, iris or fingerprints. Microsoft says this leaves hackers "nothing to steal" – so they can't copy your PIN, keylog your passwords etc. So how reliable, secure and foolproof is this kind of authentication?

Yesterday newspaper The Australian published its findings from testing Windows Hello with an eye on trying to 'derail' the system. It thought it could possibly bypass Microsoft's new secure authentication system that had learned one face, with the face of an identical twin.

According to the newspaper one per cent of the population is part of an identical twin, so it's quite a common feature of the population. The Australian managed to get six pairs of identical twins into its offices to see if it could hoodwink Windows Hello. I know that's not a very big sample, but it's still an interesting experiment.

Again this demo used an Intel RealSense camera setup. Intel focussed quite strongly on this camera hardware in its IDF 2015 keynote and in partner announcements earlier this week. The newspaper reported said that the face login "worked a treat," for him and was keen to see if the twins could sneak past the face-based authentication to see their sibling's account.

The procedure was as follows:

"One twin would register a Windows account on the Lenovo Thinkpad and go through the face registration process. Users could enhance the camera’s accuracy by registering variations in appearance, such as wearing glasses.
The first twin would make sure the computer reliably identified them before the moment of truth arrived. Could the second twin trick the camera?"

In one instance the system wouldn't log in both twins after the setup procedure. However there was never a false positive, there was "no case of it wrongly granting access".

In the wake of many recent stories of mass password and consumer data leaks, maybe this kind of system is going to find favour. Perhaps more companies should make use of Microsoft Passport, which is an application and website authentication system reliant on the Windows Hello tech. Microsoft says that the biometric key is stored only on the device where facial recognition is established, and usable only with it. It claims that its false acceptance rate is lower than one in 100,000.

Source

[CODYQX4]

No OS is using my desktop's Webcam. I never use it, so I just covered the camera a long time ago.

Maybe that's paranoid to some. But besides some Big Brother and government stuff, people do get those regularly hacked.

[hamslammer]

No OS is using my desktop's Webcam. I never use it, so I just covered the camera a long time ago.

Maybe that's paranoid to some. But besides some Big Brother and government stuff, people do get those regularly hacked.

Same here. I installed a web cam a long time ago to talk with my daughter, but it is not even plugged in to the computer when it isn't being used.

[dMog]

you can solve this low tech by placing a small piece of paper over the lens ,,, why do people make mountains out of mole hills