Albeit facial recognition system is considered as one of the trusted methods for your computer to recognize you, it’s still not quite perfect and prone to make mistakes. A research team from the University of North Carolina proved that those security systems based on this facial recognition technology can be easily fooled by new attacks using VR-like, computer-rendered faces they built. Moreover, using only photos taken from the wealth of facial biometric data, indisputably known as Facebook, they made their 3D models and showed them to the security systems on a phone, tricking four out of five security systems they tested 55 percent to 85 percent of the time.
Just like a stalker or digital identity thief, they collected 20 volunteers from online sources. Then they built 3D models of their faces, included some facial animations and tweaked their eyes to make them looking at the camera. They even rebuilt any missing parts, the shadows and texture of that area in case they could not find the subject’s full face. The most interesting part is, some of the volunteers were security researchers themselves, and of them, some were so active to protect their online privacy. However, they were able to dig up at least 3 photos of them online.
“Some vendors — most notably Microsoft with its Windows Hello software — already have commercial solutions that leverage alternative hardware. [In Hello’s case, that hardware is Tobii’s eye-tracking camera.] However, there is always a cost-benefit to adding hardware, and hardware vendors will need to decide whether there is enough demand from and benefit for consumers to add specialized components like IR cameras or structured light projectors,” said team member True Price during the team’s presentation at Usenix security conference.
The researchers have published their full paper on Wired, explaining their method and results.