So hackers have successfully tricked Facial Recognition System using Facebook profile pictures — What next?
A majority of tech firms rely on facial recognition technology for verification of their users. It is indeed a trusted mode of identity verification for some. But University of North Carolina’s team of researchers at the Usenix security conference held in Austin recently revealed that the facial recognition technology isn’t quite perfect in this sense as it is widely believed and it is also exploitable.
When probed further, the research team revealed that it is the Facebook profile pictures that are to be blamed for this exploitation. At the conference, the team also showcased the technique with which attackers can compromise systems that use facial recognition as their main verification method. They created three-dimensional facial models and successfully used them to deceive 4 out of 4 facial recognition systems. These models were basically created by using photos that were available publicly. The pictures were displayed via mobile virtual technology in order to trick facial recognition technology.
The aim of this research was to identify probably flaws in a technology that is deemed totally safe and reliable. The team of researchers also roped in 20 volunteers from various resources such as picture web indexes and informal communities including LinkedIn, Facebook, and Google+. Some of the participants were the members of the research team too.
— USENIX Security (@USENIXSecurity) August 19, 2016
Once they had collected the images, they collected 3D models of the images and tweaked them in a way that the picture’s facial animation and eyes were adjusted so that it seems like the person is directly looking at the camera. At least 3 and at most 27 photographs were received from every volunteer for tweaking purposes.
Then the researchers tried to mold their virtual reality faces on 5 different verification frameworks including KeyLemon, Mobius, TrueKey, BioID, and 1D. The frameworks were easily available on a number of customer programming platforms like iTunes Store and Google Play Store. Four out of the five frameworks were easily tricked by the team with a success rate of 85 %. It must be noted that in case your own biometric information gets compromised or if it is available publicly, then it can be exploited easily. Especially, the photographs that are available all across the web are extremely vulnerable. For instance, Facebook has a wealth of facial biometric data.
According to Wired, True Price, a UNC’s computer vision’s study author states that:
“We could leverage online pictures of the , which I think is kind of terrifying. You can’t always control your online presence or your online image.”
Not just that facial recognition is being used at tech firms, a number of consumer products such as smartphones and laptops are also using this technology for user verification. This is why the situation is so alarming. The hackers can use two-dimensional pictures, photos, and even 3D face replicas to compromise a system.
But there are also methods with which the attacks can be prevented and the system can be improved. Such as scanning faces for human infrared signals.
According to Michigan State University’s biometrics researcher Anil Jain, face biometrics are quite easy to spoof in comparison to numerous other biometric modalities like irises and fingerprints. However, “3-D face models may visually look similar to the person’s face that is being spoofed, they may not be of sufficiently high quality to get authenticated by a state of the art face matcher,” says Jain.
The only solution is to embed hardware and sensors and adopt preventive measures by moving beyond mobile cameras and webcams.
“Some vendors—most notably Microsoft with its Windows Hello software—already have commercial solutions that leverage alternative hardware. However, there is always a cost-benefit to adding hardware, and hardware vendors will need to decide whether there is enough demand from and benefit for consumers to add specialized components like IR cameras or structured light projectors,” says Price.