Hackers Trick Face Recognition Logins

by OneLock Security Team

Posted on December 10, 2016

The Usenix security conference, security and computer vision specialists from the University of North Carolina presented a system that uses digital 3-D facial models based on publicly available photos and displayed with mobile virtual reality technology to defeat facial recognition systems. A VR-style face, rendered in three dimensions, gives the motion and depth cues that a security system is generally checking for. The researchers used a VR system shown on a smartphone’s screen for its accessibility and portability. Their attack, which successfully spoofed four of the five systems they tried, is a reminder of the downside to authenticating your identity with biometrics. By and large your bodily features remain constant, so if your biometric data is compromised or publicly available, it’s at risk of being recorded and exploited. Faces plastered across the web on social media are especially vulnerable—look no further than the wealth of facial biometric data literally called Facebook.

We have warned about using fingerprint and face recognition authentications for long time that is not secure and people should not trust it. It is just matter of time until hackers find ways to trick the computer using made up biometric prints. It does not matter what type of biometric you use, there can always be ways to trick it. So our solution as always been to use strong and unique passwords or passphrases and if you need extra security use 2 factor authentication or you can use OneLock's pattern password that is also immune to dictionary word attacks and key loggers. One other last thing that you should know as it has been told before is that once hackers get hold of your biometric data you can't change it because biometrics is who you are and not what you know or have.

You can read more about the hack here.