With only 9 virtual faces, more than 40% of Israel’s facial data system has been fooled

Facial recognition is increasingly used by companies as a routine security procedure and is extremely popular. For example, it’s a way to unlock your phone or social media accounts. This practice comes with the exchange of some privacy for comfort and promises of safety, but according to a recent study, that promise is essentially unfulfilled.

Computer scientists at Tel Aviv University in Israel say they have discovered a way to bypass a large percentage of facial recognition systems by faking faces. The team calls this method a “face master” (like the “master key” in your home), which uses artificial intelligence technology to create a face pattern that can continuously unlock the keys. face in the identity verification system.

The researchers said: “Our results show that face-based authentication is extremely vulnerable, even without information about the target’s identity. To provide a more secure solution for the facial recognition system, anti-spoofing methods are often applied. Our method can overcome such defenses.”

According to the study, the vulnerability exploited here relies on the fact that facial recognition systems use multiple sets of marker points to identify specific individuals. By generating face templates that match many of those markers, a type of face can be generated with the ability to fool a high percentage of security systems. In essence, the attack was successful because it produced “faces that resemble the majority of the population”.

These “faces of all faces” were created by importing a specific algorithm into StyleGAN, a widely used generic model of artificial intelligence technology to create digital images of people. unreal human face.

The team tested their master face on a large open source repository of 13,000 face images operated by the University of Massachusetts, which is a common repository used to develop and test systems. facial recognition system and standard database for the Israeli system.

The researchers claim that it can unlock “more than 20% of the identities” in the database. Other tests show even higher success rates. Under various testing conditions, the researchers found that 40-60% authentication was possible with only nine master images generated.

Specifically, the system was tested with three face descriptors based on Convolutional Neural Networks (CNNs): SphereFace, FaceNet, and Dlib. The researchers found that the Dlib-based approach outperformed, succeeding in generating nine master faces that were 42% – 64% more likely to unlock the test dataset.

Furthermore, the researchers say that the hypothetical facial structure could be paired with deepfake technologies that would “animate” it, thereby fooling “life-detection methods.” ” is designed to assess whether an object is a real face of a living person.

This reflects growing fear that facial recognition is an insecure way of security, which is bad news for everyone, but also “good news” for those looking to take advantage of the lack of security. this safety.

While product vendors with facial recognition technology make strong claims about their technology, numerous studies have shown that most facial recognition technologies are completely bypassable. . A good example is that Face ID on Apple’s iPhone has been surpassed many times, as a “proof-of-concept” implemented by Bkav in 2017, as well as many other times Face ID has been surpassed over the years.

Reference: Unite