Part 2 - Facial Recognition May Not be Secure for Long
This is Part 2 in the series of Facial Recognition May Not be Secure for Long.
Turning a Flat Face into 3D
Turning a flat picture into a three-dimensional model is just math. Once the algorithms are figured out, it can be made available for widespread use. For example, researchers at the University of Nottingham released an online demonstration that anyone can use. Submit a face picture and it will create a 3D model for you. It is not perfect, but showcases the early work in this space.
Challenges of Facial Recognition
The weakness of facial recognition comes from the fact it is making a validation of what it visually detects. Basically, what it can see. This is problematic as attackers can use the limited focal plane of the camera to present whatever they want. The physics remain a persistent problem for image based authentication. It is easy to recreate recorded images, video, etc. with modern displays, to match what the system will expect. The advent of multiple cameras and the potential overlay of infrared signature, may shift such attacks from easy to much more difficult.
Bringing more types of sensors to the party can improve the overall comprehensiveness. Apple has incorporated an infrared camera, proximity sensor, and a dot projector as part of their iPhone X release. This comprehensiveness introduces more complexity which increases the challenges for adversaries but can also impact usability. Additionally, complexity in technology is a breeding ground for more vulnerabilities. So, more is not always better.
Biometric Options
There are other choices. Fingerprint, iris, voice, heartbeat, and a plethora of other biometrics are being explored as viable authentication measures. Although many other biometrics don’t suffer from the challenges inherent to facial recognition, they too each have their own unique strengths and weaknesses. There is no clear winner yet.
Facial recognition may not be a panacea, it is still far better than no authentication or default passwords/codes. The shift this year to replace the fingerprint scanning with facial recognition in the iPhone may raise the stakes.
The recent iPhone X demo went awry at first, but also showcased how fast the face-scan can be, at presumably the lowest security setting.
href="
I predict if it proves sufficiently secure it will be here to stay. However, if it is weak or vulnerable, it will be quickly replaced with newer generation fingerprint scanners that can preserve aesthetics by working through the display glass and not requiring a separate button sensor.
The Future is Uncertain
Using our publicly accessible faces for security authentication may not be the best path forward. Technology is providing both the capabilities as well as undermining them. Time will tell.
As for me, I will stick with my fingerprint scanning phone. At least I have a much better chance of keeping my fingerprints more private and secure. It is not perfect, but the technology has proven solid and relatively secure in real world settings. Until tested reliable, I will not hastily jump into facial recognition. It may be suitable for low risk authentications, but I hold too much data on my phone to accept the unknown risks. Of all the different biometrics, I have only ever considered two to be plausible in finding the right balance of security, usability, and costs. My favorites are still fingerprint and iris scans, for local-only authentication. Call me paranoid, but that is my job.
I do hope Apple has found a way to also attain an optimal balance. If any company out there can thread this needle, it is Apple.
Interested in more? Follow me on LinkedIn, Twitter (@Matt_Rosenquist), Information Security Strategy, and Steemit to hear insights and what is going on in cybersecurity.
its crazy to think stuff like this also boils down to just math. guess you cant really get away from it
In the new Blade Runner film, facial recognition was utilized to unlock a PC, the Replicant had no issue unlocking it! ;)
how much work does it take to make a 3d print of someone?
A lot. You need a 3D printer and the software to capture and process the image.
Well, smart cities are probably already identifying and tracking people. Facial recognition is likely in our future whether we like it or not.
That thought is a bit disturbing. More so, as you are probably right.
Congratulations @mrosenquist! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOPThanks @steemitboard
Your recognition and badge are much appreciated.
Bio-metrics can never be as secure as using an actual passphrase on you device. Someone could hold you down and force you to unlock your phone just by holding it to your face or pressing your fingers against the sensor. I'm actually considering turning off the ability to unlock my phone via fingerprint.
True, but if you are seriously worried about that type of attacker, they can compell you to give up your passphrase as well.
This is true and no I'm not worried about an attacker. Just something I wanted to add. If they want my passphrase and i am strong enough to live through the betting, I could die and they still don't have my passphrase. But if those same people were to kill me with biometrics on they could just use it normally.
Again I'm not in a place where I have to worry about that kind of thing just something to think about.