Facial recognition is supposed to make computing and banking much more secure, but just like most efforts to fight the bad guys, hackers can apparently infiltrate that, too.
That’s according to a report by Wired, which showcased how researchers have been able to demonstrate a new method to steal a face using 3D rendering and light sleuth work online. According to the report, during the Usenix security conference earlier this month, security and computer vision specialists at the University of North Carolina presented a system that used 3D digital facial models based on publicly available photos, coupled with mobile virtual reality technology, to infiltrate facial recognition systems. The report noted the virtual reality-style face, which is rendered in 3D, gives the motion and depth cues of a real face that security systems are typically looking for.
“We could leverage online pictures of the [participants], which I think is kind of terrifying,” said True Price, a study author who works on computer vision at UNC, in the report. “You can’t always control your online presence or your online image.”
The researchers were successfully able to spoof four of the five systems they attempted to hack, showcasing the downside of authentication with biometrics. Faces showing up on social media sites are particularly vulnerable because there is a host of facial biometric data easily accessible on Facebook, LinkedIn, Instagram and anywhere else consumers post photos.
While the researchers at the University of North Carolina aren’t the first to show how to defeat facial recognition security systems, what makes their demonstration unique and scary is that they collected images of 20 volunteers by using internet search engines, professional headshots and images freely available on social media networks. The researchers were able to find between three and 27 photos of each volunteer online.