By Roger Rodriguez, NYPD-Retired, Vigilant Solutions, Director of Business Development
The headline of a WIRED magazine article published on August 19, 2016, states, “Hackers Trick Facial Recognition Logins with Photos from Facebook (What Else?).” The article is about a study that was conducted with 20 volunteers, and it proved just how easy it was to obtain various facial photos of your identity from social media sites on the web.
Essentially, the study showed how someone can “spoof” or trick biometric technology through impersonation to access devices or other personal accounts. It further demonstrated that without proper precautions in place, anyone can take a photo or video of someone and present it to a facial recognition system to gain access. A definite breach of personal privacy and security, and a major setback to the growth of facial recognition as a valued and secure form of biometric technology.
Recognizing the vulnerabilities of spoofing attacks against facial recognition systems, Vigilant Solutions implemented strong liveness detection countermeasures for true facial authentication. This countermeasure can easily identify and prevent these types of fraudulent attacks.
Liveness face detection uses multi-modal biometric technologies to confirm that the face belongs to an actual living being, and it is not a face captured in a photo or video. The Vigilant Solutions Liveness Face Detection web application uses random interactive actions, along with facial recognition technology, to validate the person is truly alive and actually in front of the facial recognition system, versus a photo that has been submitted to spoof the system and gain access.
How it works
Movements are measured through randomized prompts. Each command is subsequently verified in the system. This is classified as an active facial analysis requiring the end-user to follow a series of face position commands that are set by the system administrator.
These unpredictable commands make it much more difficult to simply rely on canned photos or videos to spoof facial recognition technology. If the end-user does not comply with one prompt, the application generates a failed identity check. When the end-user follows all the random and unpredictable face command prompts, then the “proof of life” validation process ends, and a secondary facial recognition verification begins using facial recognition technology to compare the user against the stored profile image contained in the database.
This two-factor authentication combines motion verification, one-to-one facial recognition technology and continues to be the most secure form of identity verification and authentication.
When accurately implemented, it can be used to complement or replace PIN numbers and passwords, or it can be used as means to check-in for those who require supervision. First responders that rely on facial recognition software to aid in their investigations must challenge their facial recognition providers to constantly seek ways to improve upon any vulnerabilities identified in their technology.
Don’t get caught by attempts to spoof your facial recognition systems. Make liveness face detection a part of your identity verification solution today.
About the Author
Roger Rodriguez joined Vigilant Solutions after serving over twenty years with the NYPD where he spearheaded the NYPD’s first dedicated facial recognition unit and helped start up the Real Time Crime Center. Both are recognized as world models in law enforcement data analytics and facial recognition used in criminal investigations. Today, Roger drives the Facial Recognition, License Plate Reader, and Mobile Companion product lines for Vigilant Solutions as Director of Business Development. As subject matter expert and author, he shares his experiences through thought leadership presentations, media interviews, publications, and hundreds of law enforcement agencies around the world have benefitted from them.
Why old-fashioned police work is still required for facial recognition investigations