Most Face Authentication Systems Can Be Bypassed By 3D Models Of Facebook Photos; Now What?

Status
Not open for further replies.

InvalidError

Titan
Moderator
All forms of biometrics no matter how sophisticated will eventually get worked around of as long as would-be attackers have any form of access to the underlying data or enough related data to recreate it. I would not trust biometrics as anything more than a fancy and somewhat more secure user name replacement. I'd still require a password to complete authentication for anything requiring more than trivial security.
 

pack3t

Commendable
Aug 23, 2016
1
0
1,510
0
Yea, no such thing as bullet proof in security. There will always be a workaround from someone. People should however understand that as techniques to bypass security are created depending on the use cases you will still reduce the number of attackers able to make effective use of the approach. So there is never a case where nothing is better than something. Just because researchers figured out a way around it does not mean that it should not be used. There are a number of things to consider to make that determination.
 

Nintendork

Distinguished
Dec 22, 2008
464
0
18,780
0
The old trusty passowrd based secure system is still the best, better if you can have a 2-3 way password before accesing content (optional).
 

3ogdy

Distinguished
Jul 13, 2009
717
2
19,165
77
Totally against biometric security. Private espionage under a brand new excuse. Now go out and scream: SECURITY! SECURITY! SECURITY!
Better tap your cameras, more elegantly (the way Asus did it) or less so...because your smartphone or laptop is not exactly yours, or under your control for that reason.
How many times do we need to read news about newly discovered backdoors and bugs that were being exploited by the NSA to understand the world we're living in?
Oh wait, yeah...let me go buy a smartphone with a fingerprint reader and that biometric security bullshit enabled. Just another chain tied to your neck.

Some people would be capable of proposing a law according to which we shall all walk completely naked in public so that we cannot hide anything under our clothes, be it guns, counterfeit money or some "Allahu akbar" bomb.
 

Jeff Fx

Reputable
Jan 2, 2015
328
0
4,780
0
This is a lot of work to defeat a simple lock that's not meant to provide heavy security.

Holding your victims phone up to their face to access their phone would be much easier, and is also easier than beating a PIN out of them.
 

InvalidError

Titan
Moderator

It won't be that much work once automated tookits to do that job become more common and many people will make the mistake of underestimating the importance of the data they are protecting with vulnerable biometric locks.
 

alextheblue

Distinguished
Apr 3, 2001
3,078
106
20,970
2
Multiple factor security is important. Facial recognition is OK as a part of that, but not as the only solution. Although, when I read the headline I already knew that Windows Hello couldn't be bypassed so easily since I had read about it when it was first released. In fact it can tell apart supposedly identical twins in the tests I saw.
 

Suneater

Commendable
Aug 24, 2016
1
0
1,510
0
Infrared camera can't be fooled by 3d model. It detects thermal signature of a face which can't be obtained from a plain photo.
 

InvalidError

Titan
Moderator

If you put infrared cameras in the cheap-and-plentiful market, plenty of people will have access to equipment to take IR pictures of people and it will only be a matter of time before they come up with a method of replaying IR pictures to biometric sensors, such as using a DLP chip with an IR light source.

Just because the technique is not currently widely used or available does not make it inherently more secure, only temporarily more difficult. A thief planning to steal your phone could very well take IR video of you prior to snatching your phone or have an accomplice taking care of IR imaging while he does his thing.
 

bloodroses

Distinguished
Jan 27, 2013
670
14
19,165
56


The other problem is that IR cameras won't work in direct sunlight; as my friend's senior design team found that out the hard way when they put a 360 Kinect sensor into an automated robot.
 

SillieAbbe

Commendable
Mar 31, 2016
8
0
1,510
0
It’s really worrying that so many people are so tragically misinformed. Biometrics should not be activated where you need to be security-conscious.

It is known that the authentication by biometrics comes with poorer security than PIN/password-only authentication. The following video explains how biomerics makes a backdoor to password-protected information.
https://youtu.be/5e2oHZccMe4
 

InvalidError

Titan
Moderator

How much more/less secure than pin/pass biometrics are is largely dependent on how frequently the information/device being protected is protected using common pin/pass such as 'password' or '1234'.

Most of my new passwords these days are slaps on the keyboard in Notepad copy-pasted in the password fields and choosing "keep me logged in". The next time I need to log in, I simply do a password recovery and repeat the Notepad procedure for the new password.
 

srmojuze

Commendable
Jul 28, 2016
26
0
1,540
1
InvalidError and 3ogdy is on the ball here. Just look up Blendswap, the consumer-level programs for recreating photoreal 3D models of people, buildings, anything just from photos and video frames(!!!) is mind-blowing.

I propose that the core of the issue is technology-focused people are making things more complex and exponentially more sophisticated yet on the front-end ever more easier and dumbed-down for the layperson. Hence this is just exacerbating the digital divide, which is most stark in security situations.

I spend most of my time nowadays with new devices turning off all the privacy-invading stuff, closing ports or what not, disabling location, rotating passwords (though like many I'm extremely lazy to do so most of the time). Even then I suspect it's minimally effective.

The average user? I don't think they ever stood a chance, not with massive government agencies, hacker groups, foreign entities and who knows what devoting all their energies to circumventing an average user's security while promising them security even though that security is mostly an illusion!

A classic case is the ol' going around to your coworker or relative's PC and seeing their browsers clogged with all kinds of gunk (toolbars, plugins, saved passwords, etc.) That hasn't changed in the past 10 years, and across all platforms it doesn't look like it will change significantly in the next 10 years.

With the explosion of selfie culture across the globe (it only seems to be accelerating at this stage) it would seem a hacker's paradise for the foreseeable future.

PS Without getting conspiratorial financial security is probably at its weakest point in digital history - I suspect banks are suffering big time (probably mainly due to lax security on the customer side) but are clever of keeping things under wraps.

PPS And indeed this is the perfect self-reinforcing cycle of promising more security which is actually more spying and less security which will lead to more invasion and hence more demands for more spying and surveillance ~in the name of security~ which will lead to the promise of more security and... let's just say this trajectory for the layperson is not looking good at the moment.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS