Biometric identification is moving forward to leaps and bounds in recent years as a new method with which enhance the security complement to passwords. Facial recognition is one of the latest trends used by some of the largest technology companies to unlock our phones and computers.
But a group of researchers of the University of North Carolina (UNC), in the United States, has developed an attack with which have been able to skip this type of security systems. All you have to do is take some of the many personal photos that we share social networks and create a 3D model of our face sufficiently detailed to fool them.
They presented their study with a show a couple of weeks during the Usenix Association security conferences. They make use of virtual reality to show a 3D model of our face on a mobile with the movement and depth that tend to look at them systems of recognition, and the five that tried it succeeded in four.
The key is in the photos that we share
The great peculiarity of this attack developed by the UNC is that they do not use Studio photographs taken by the developers, but they resort to which they happily share the network. In the demonstration caught 20 volunteers, and sought their photos through search engines or social networks like Facebook, LinkedIn and Google +, until between 3 and 27 pictures of each.
With them, the Group of researchers used a program that have been created for identify the points of reference of the face of each individual, which used to render it then in 3D. The best photos getting were that used to insert on the model data on the texture of the face, which had to be as realistic as possible.
Once created the volunteers face version, tested if it they could outwit five methods of facial recognition as KeyLemon, Mobius, TrueKey, BioID or 1 d. All of them are available to users in some models of smartphones and software like Google Play Store or iTunes.
For the test, first configured the programs with the real faces of the volunteers, and then they were showing the 3D models of each one, in which flashes, smiles or movements of the eyebrows is applied you tend to be used by such systems to confirm that they are real people.
Each face photographs taken at that time were used as control. The results were quite dramatic, as they could cheat to four of the five systems with between 55 and 85 percent success rate. When they fail, the researchers sought new textures in the photos up to the proper.
With this test, the UNC researchers have shown how the photos published online You can play against our privacy. They were convinced that it is possible to defend itself against attack, although for that security systems will have to evolve incorporating new sensors, which can be a challenge considering the limited space to put them on some devices.