Biometric identification is making great strides in recent years as a new method that enhance security-complementing passwords. And the facial recognition is one of the latest trends used by some of the largest technology companies to unlock our phones and computers.
But a group of researchers from the University of North Carolina (UNC) in the United States, has developed an attack with which they could skip this type of security systems. All you have to do is take some of the many personal photos shared on social networks and create a sufficiently detailed to deceive 3D model of our face.
Their study presented him with a show a couple of weeks ago during the security conference of the association Usenix. They make use of virtual reality to display on a mobile a 3D model of our face with movement and depth that often seek them recognition systems, and the five in which it succeeded tested in four.
The key is that we share photos
The great feature of this attack developed by the UNC is not using photos taken by developers study, but turn to gleefully shared on the network. On the show, they took 20 volunteers, and sought their photos via search engines or social networks like Facebook, LinkedIn or Google+, until between 3 and 27 photos of each.
With them, the researchers used a program created to identify the landmarks of the face of each individual, which then used to render it in 3D. Getting the best photos were the ones used to insert into the model data on the texture of the face, which had to be as realistic as possible.
You may also like to read another article on Web2GB: YouTube wants to compete with Netflix and buy their first series
Once created the version of the face of the volunteers, tested whether they could outsmart her five methods of facial recognition as KeyLemon, Mobius, TrueKey, BioID or 1D. All of them available to users in some models of smartphones and top – level software like Google Play Store or iTunes.
For the test, they first configured programs with real faces of the volunteers, and were then showing them 3D models of each, in which flickers, smiles or movement of the eyebrows applied that are usually used for this type of systems to confirm that they are against real people.
As a control, they used photographs of the face of each taken at that time. The results were quite strong, as could mislead four of the five systems with a success rate of between 55 and 85 percent. When they failed, the researchers sought new textures on the photos to get proper.
With this test, the UNC researchers have shown how the photos we publish online can play against our privacy. They were convinced that it is possible to defend against the attack, although this security systems need to evolve incorporating new sensors, which can be challenging given the little space they have to put on some devices.