August 22, 2016
A majority of tech firms rely on facial recognition technology for verification of their users. It is indeed a trusted mode of identity verification for some. But University of North Carolina’s team of researchers at the Usenix security conference held in Austin recently revealed that the facial recognition technology isn’t quite perfect in this sense as it is widely believed and it is also exploitable.
When probed further, the research team revealed that it is the Facebook profile pictures that are to be blamed for this exploitation. At the conference, the team also showcased the technique with which attackers can compromise systems that use facial recognition as their main verification method. They created three-dimensional facial models and successfully used them to deceive 4 out of 4 facial recognition systems. These models were basically created by using photos that were available publicly. The pictures were displayed via mobile virtual technology in order to trick facial recognition technology.
The aim of this research was to identify probably flaws in a technology that is deemed totally safe and reliable. The team of researchers also roped in 20 volunteers from various resources such as picture web indexes and informal communities including LinkedIn, Facebook, and Google+. Some of the participants were the members of the research team too.
Once they had collected the images, they collected 3D models of the images and tweaked them in a way that the picture’s facial animation and eyes were adjusted so that it seems like the person is directly looking at the camera. At least 3 and at most 27 photographs were received from every volunteer for tweaking purposes.
Then the researchers tried to mold their virtual reality faces on 5 different verification frameworks including KeyLemon, Mobius, TrueKey, BioID, and 1D. The frameworks were easily available on a number of customer programming platforms like iTunes Store and Google Play Store. Four out of the five frameworks were easily tricked by the team with a success rate of 85 %. It must be noted that in case your own biometric information gets compromised or if it is available publicly, then it can be exploited easily. Especially, the photographs that are available all across the web are extremely vulnerable. For instance, Facebook has a wealth of facial biometric data.