Researchers Fool Facial Recognition Logins By Making 3D Faces Based On Facebook Photos

facial-recognition

Facial recognition softwares and security systems still need a lot of improvement and development especially when recognizing people of color. A team of security analysts from the University of North Carolina has published a paper which shows that tech-based security systems have a lot of work to do. They have proved that certain existing security systems can be tricked by computer-made, 3D faced they created which were shown to the systems on phone. These 3D faces were created using only photos available on social media sites like Facebook.

Spotting poor, mediocre, and high-quality images of one study participant’s face using publicly available Facebook photos. Credits: DEPARTMENT OF COMPUTER SCIENCE/UNC CHAPEL HILL
Spotting poor, mediocre, and high-quality images of one study participant’s face using publicly available Facebook photos. Credits: DEPARTMENT OF COMPUTER SCIENCE/UNC CHAPEL HILL

The researchers collected images of 20 volunteers from online sources – just like a stalker or a digital identity thief would attempt to do. Next, they created the 3D faces of the subjects, added some facial animations using VR, modified the eyes so it looked like they were looking at the camera. There were also cases where they could not find even a single image showing the subject’s whole face. They solved this problem by recreating the missing parts – texture, shadows and all.

Working on facial rendering to produce realistic texture. Credits: DEPARTMENT OF COMPUTER SCIENCE/UNC CHAPEL HILL
Working on facial rendering to produce realistic texture. Credits: DEPARTMENT OF COMPUTER SCIENCE/UNC CHAPEL HILL

Interestingly, some of the volunteers were security analysts themselves, and the research team could only find 2 or three low-quality photos of them online. Because the 3D faces made had shadows and could also move a little, they were able to trick 4 out of 5 facial recognition log-ins tested with a success rate of 55% to 85%. True Price, one of the members of the research team said during presentation at Usenix security conference:

“Some vendors — most notably Microsoft with its Windows Hello software — already have commercial solutions that leverage alternative hardware. [In Hello’s case, that hardware is Tobii’s eye-tracking camera.] However, there is always a cost-benefit to adding hardware, and hardware vendors will need to decide whether there is enough demand from and benefit for consumers to add specialized components like IR cameras or structured light projectors.”

The process of preparing facial models for the attack. Credits: DEPARTMENT OF COMPUTER SCIENCE/UNC CHAPEL HILL
The process of preparing facial models for the attack. Credits: DEPARTMENT OF COMPUTER SCIENCE/UNC CHAPEL HILL

So how can we differentiation between a real and a 3D face? Well a real face gives off infrared radiation and a system that detects it could be used for additional security.

Do you use facial recognition log-in? Let us know what you feel after this study!

Leave a Reply

Your email address will not be published. Required fields are marked *