Home > Security/Exploits > Faking Face Recognition

Faking Face Recognition

This week CNET news reported on some interesting, new ways of bypassing facial recognition technology built into newer laptops. The reporter (Dong Ngo) published an interesting article which shows an easy way of bypassing the software from companies such as Lenovo, Toshiba and Asus that are shipped on popular laptops. By using a slightly modified picture of the correct recipient, one can easily fool the software.

They demonstrated this by capturing the recipient’s face from a Skype video session and printing it out on paper.

Of course, this is not the first time we’ve seen big problems with built-in biometric devices – by definition, anything built-in is going to be low cost/mass market. Does anyone remember the famous “gummy finger” paper from a few years ago which showed how a capacitive fingerprint scanner could be defeated by a simple gummy (Jelly for British readers) finger. Then there’s the issue that most embedded readers are simply scanners – they don’t do any hardware validation of the print, that’s all done in (insecure) software (though this is changing).

Finally, there are the numerous reports of people whose fingers have indistinct prints, causing matching algorithms to go to 5000:1 and below quality levels. Many readers don’t work if your finger is cold/hot/dirty/wet etc. I even know a developer who has no fingerprints at all due to 20 years of typing code…

Though I hate to say it, passwords are still here to stay for the foreseeable future. 10 years ago the prediction was that the world would move towards smartcards, 5 years ago it was biometrics. In 2004 even Bill Gates himself predicted the “death of the password,” though I think that was originally predicted by IBM 30 years ago.
Talking of predictions by Mr. Gates, I was disappointed to find that the famous “640KB should be enough for anyone” quote never came from him and that it’s an urban legend. Such a shame, as it’s quotes like that which made me aspire to be a technologist.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: