3D faces based on Facebook photos can fool security systems
Facial recognition systems aren’t quite perfect yet and can still make mistakes especially when they’re assessing the faces of people of color. Now, a team of researchers from the University of North Carolina showed that companies developing security systems based on the tech really do have a lot of work ahead of them. They proved that a number of existing systems can be fooled by the VR-like, computer-rendered faces they created. Further, they made their 3D models, which they showed the security systems on a phone, using only photos taken from social networks like Facebook.
The team collected photos of 20 volunteer subjects from online sources, like a real digital identity thief or stalker would do. They then created 3D models of the volunteers’ faces, added some facial animations and tweaked their eyes so they’d look like they were looking at the camera. In cases wherein they didn’t find any that showed the subject’s whole face, they recreated the missing parts, even those areas’ shadows and texture. What makes that even more impressive is that some of the volunteers are security researchers themselves, and the team were only able to dig up three or so low-quality photos of them online.
Since the researchers’ 3D models have shadows and even move a bit, they were able to fool four out of five security systems they tested 55 percent to 85 percent of the time. According to Wired, team member True Price said during the team’s presentation at Usenix security conference:
“Some vendors — most notably Microsoft with its Windows Hello software — already have commercial solutions that leverage alternative hardware. [In Hello’s case, that hardware is Tobii’s eye-tracking camera.] However, there is always a cost-benefit to adding hardware, and hardware vendors will need to decide whether there is enough demand from and benefit for consumers to add specialized components like IR cameras or structured light projectors.”
A real face would would give off infrared radiation, after all, which could be an added layer of protection. If you want to read more about the team’s method and results, you can check out the the full paper they published on Wired.