Hackers Trick Facial-Recognition Logins With Facebook Photos

Discussion in 'HardForum Tech News' started by HardOCP News, Aug 19, 2016.

  1. HardOCP News

    HardOCP News [H] News

    Messages:
    0
    Joined:
    Dec 31, 1969
    You knew it was just a matter of time before someone came up with something like this. I'm actually surprised this wasn't done sooner that it was.

    Their attack, which successfully spoofed four of the five systems they tried, is a reminder of the downside to authenticating your identity with biometrics. By and large your bodily features remain constant, so if your biometric data is compromised or publicly available, it’s at risk of being recorded and exploited. Faces plastered across the web on social media are especially vulnerable—look no further than the wealth of facial biometric data literally called Facebook.
     
  2. oROEchimaru

    oROEchimaru [H]ardness Supreme

    Messages:
    4,658
    Joined:
    Jun 1, 2004
    yea, I can't believe this is going in areas that are considered high risk (require encryption) ... Space balls and Mission Impossible 1 taught me this.
     
    Flatline likes this.
  3. -Dragon-

    -Dragon- 2[H]4U

    Messages:
    2,318
    Joined:
    Apr 6, 2007
    Windows Hello seems to be doing a good job with this so far, haven't heard of any tricks that work with it. Requires color camera, IR camera, and a 3D camera to work, can't be fooled by pictures or videos, and apparently is sensitive enough to tell apart identical twins reliably, so if it can tell apart people with identical genetic code good luck fooling it with a rubber mask.
     
  4. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005
    From what I've read about Windows Hello so far, defeating with a false face is very difficult. I've tested it with my Surface Book with a number of people and works perfectly under those circumstances. I've tried flat photos as well and that doesn't fool it. You'd need a high quality makeup job the best I could tell and for now that's impractical in normal cases.
     
  5. -Dragon-

    -Dragon- 2[H]4U

    Messages:
    2,318
    Joined:
    Apr 6, 2007
    Has anyone successfully tricked it that way though? No makeup job is going to look as convincing as identical twins do and it can tell them apart. Prosthetic and the like aren't going to give precise enough facial reference points to fool something that can tell apart twins I wouldn't think. I use Windows Hello on my SB too and I also bought a intel realsense camera for my desktop PC to use it there as well so I do keep an eye out for articles related to Windows Hello security and specifically the ability to trick it and so far I haven't seen anything pop up yet.

    If it's a hypothetical "you might be able to trick it with good enough makeup" seems implausible to me if two humans who literally started out life as the same fertilized egg can't fool it.

    Windows Hello: can identical twins fool Microsoft and Intel?
    Emphasis mine.
     
    Talyrius likes this.
  6. ol1bit

    ol1bit [H]ard|Gawd

    Messages:
    1,233
    Joined:
    Jan 15, 2007
    I think if you are going to use Bio, finger prints are best. Sure the can be hacked but not as easy as your public Facebook photos.
     
  7. oROEchimaru

    oROEchimaru [H]ardness Supreme

    Messages:
    4,658
    Joined:
    Jun 1, 2004
    face.... off. 3d print a face work?