Hackers Trick Facial-Recognition Logins With Facebook Photos

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
You knew it was just a matter of time before someone came up with something like this. I'm actually surprised this wasn't done sooner that it was.

Their attack, which successfully spoofed four of the five systems they tried, is a reminder of the downside to authenticating your identity with biometrics. By and large your bodily features remain constant, so if your biometric data is compromised or publicly available, it’s at risk of being recorded and exploited. Faces plastered across the web on social media are especially vulnerable—look no further than the wealth of facial biometric data literally called Facebook.
 
yea, I can't believe this is going in areas that are considered high risk (require encryption) ... Space balls and Mission Impossible 1 taught me this.
 
Windows Hello seems to be doing a good job with this so far, haven't heard of any tricks that work with it. Requires color camera, IR camera, and a 3D camera to work, can't be fooled by pictures or videos, and apparently is sensitive enough to tell apart identical twins reliably, so if it can tell apart people with identical genetic code good luck fooling it with a rubber mask.
 
-Dragon- said:
Windows Hello seems to be doing a good job with this so far, haven't heard of any tricks that work with it. Requires color camera, IR camera, and a 3D camera to work, can't be fooled by pictures or videos, and apparently is sensitive enough to tell apart identical twins reliably, so if it can tell apart people with identical genetic code good luck fooling it with a rubber mask.
Click to expand...

From what I've read about Windows Hello so far, defeating with a false face is very difficult. I've tested it with my Surface Book with a number of people and works perfectly under those circumstances. I've tried flat photos as well and that doesn't fool it. You'd need a high quality makeup job the best I could tell and for now that's impractical in normal cases.
 
heatlesssun said:
From what I've read about Windows Hello so far, defeating with a false face is very difficult. I've tested it with my Surface Book with a number of people and works perfectly under those circumstances. I've tried flat photos as well and that doesn't fool it. You'd need a high quality makeup job the best I could tell and for now that's impractical in normal cases.
Click to expand...
Has anyone successfully tricked it that way though? No makeup job is going to look as convincing as identical twins do and it can tell them apart. Prosthetic and the like aren't going to give precise enough facial reference points to fool something that can tell apart twins I wouldn't think. I use Windows Hello on my SB too and I also bought a intel realsense camera for my desktop PC to use it there as well so I do keep an eye out for articles related to Windows Hello security and specifically the ability to trick it and so far I haven't seen anything pop up yet.

If it's a hypothetical "you might be able to trick it with good enough makeup" seems implausible to me if two humans who literally started out life as the same fertilized egg can't fool it.

Windows Hello: can identical twins fool Microsoft and Intel?
In the case of Isabelle and Natalie Brown, 11, Windows Hello was unable to log in either. That was the only instance where the system failed. In the end, there were some cases of Windows Hello taking its time to identify a twin, but no case of it wrongly granting access. That’s a win for Intel and Microsoft.
Click to expand...
Emphasis mine.
 
I think if you are going to use Bio, finger prints are best. Sure the can be hacked but not as easy as your public Facebook photos.
 
You must log in or register to reply here.
Back
Top