Facial recognition softwares and security systems still need a lot of improvement and development especially when recognizing people of color. A team of security analysts from the University of North Carolina has published a paper which shows that tech-based security systems have a lot of work to do. They have proved that certain existing security systems can be tricked by computer-made, 3D faced they created which were shown to the systems on phone. These 3D faces were created using only photos available on social media sites like Facebook.
The researchers collected images of 20 volunteers from online sources – just like a stalker or a digital identity thief would attempt to do. Next, they created the 3D faces of the subjects, added some facial animations using VR, modified the eyes so it looked like they were looking at the camera. There were also cases where they could not find even a single image showing the subject’s whole face. They solved this problem by recreating the missing parts – texture, shadows and all.
Interestingly, some of the volunteers were security analysts themselves, and the research team could only find 2 or three low-quality photos of them online. Because the 3D faces made had shadows and could also move a little, they were able to trick 4 out of 5 facial recognition log-ins tested with a success rate of 55% to 85%. True Price, one of the members of the research team said during presentation at Usenix security conference:
“Some vendors — most notably Microsoft with its Windows Hello software — already have commercial solutions that leverage alternative hardware. [In Hello’s case, that hardware is Tobii’s eye-tracking camera.] However, there is always a cost-benefit to adding hardware, and hardware vendors will need to decide whether there is enough demand from and benefit for consumers to add specialized components like IR cameras or structured light projectors.”
So how can we differentiation between a real and a 3D face? Well a real face gives off infrared radiation and a system that detects it could be used for additional security.
Do you use facial recognition log-in? Let us know what you feel after this study!