A technique to bypass facial recognition technology has been developed using publicly available photos from people’s social media accounts.
Researchers at the University of North Carolina discovered the way to defeat the biometric security using virtual reality (VR) systems to create 3D facial models based on just a handful of photos taken from a person’s Facebook account.
“Such VR-based spoofing attacks constitute a fundamentally new class of attacks that point to a serious weakness in camera-based authentication systems,” the researchers wrote in a paper describing the technique.
“Unless they incorporate other sources of verifiable data, systems relying on color image data and camera motion are prone to attacks via virtual realism.”
Facial recognition systems have become an increasingly popular method for security authentication in recent years and are widely seen as offering the potential of significantly improving online security.
Both Apple and Google are believed to be working on their own solutions, having acquired facial recognition software companies.
The technique to undermine such systems was demonstrated at the USENIX security conference earlier this month.
After collecting photos of subjects, the researchers created 3D models of the faces and added facial animations. With the 3D models, they were able to fool four out of five security systems 55-85 percent of the time.
“Our work outlines several important lessons for both the present and the future state of security, particularly as it relates to face recognition systems,” the paper states. “The ability of an adversary to recover an individual’s facial characteristics through online photos is an immediate and very serious threat, albeit one that clearly cannot be completely neutralized in the age of social media.
“Therefore, it is prudent that face recognition tools become increasingly robust against such threats in order to remain a viable security option in the future.”