Face recognition is used everywhere. But, is it safe and secure to use a face recognition system? The answer may be NO.
As a typical biometric system, eight possible points can be attacked by adversaries (see below figure).
In this post, I would like to share one of my experiment I have done to break the authentication chain driven by biometrics. The attack is mainly designed to break the biometric sensor (or even the whole machine).
Software：Android simulator, vitural camera driver: wecam
- install Android simulator, and the Android system, install ‘APPlock with face’
- Install WeCam on Win10, and add two media: one is my own face photo/video.
- Launch the APPLock on the Android system, register with real cam with my live face. Then lock any app with APPlock.
- Then, try to unlock the app everytime use it, I can unlock with the real physical cam.
- And try to unlock the app with the WeCam, by using a short video or a photo. And finally, I succeed.
Let’s have a look in detail:
The APPLock and WeCam:
Register with my physical cam:
And try to unlock with vitural cam:
It turns out that the face recognition can be easily be fooled. If an attacker can build a system with a virtual cam, it can easily break the authentication chain and gain illegal access.
But how easy is it?? The answer is super easy, check the below technique which is used to do the live show without a physical person. It utilizes a smartphone with a virtual cam and some pre-recorded videos.
In summary, it should be clear that biometric has risks. As the highly possible daily users, we need to think about it, and be aware about it. Plus, I do believe some tech companies have developed a lot of technologies to avoid such attacks, but remember, this is a cat-mouse game, we should never take it granted.