Search within Lanny's blog:

Leave me comments so I know people are actually reading my blogs! Thanks!

Friday, January 09, 2009

AI and Robots: Researchers Hack Facial Recognition Authentication

Yesterday we talked about fingerprints. These days, another form of biometric identifier has gained more attention -- facial recognition. In fact, several laptop manufactures have included facial recognition as authentication caveats to attract more consumers. The selling pitch was that facial recognition is more convenient for the user than entering user name/password pair. The video below is a fun commercial by Lanovo promoting such technology.

Similarly, Toshiba also included such technology with their latest product lines.

However, several Vietnamese researchers have demonstrated at BlackHat DC 2009 how these facial recognition authentications can easily be cracked using photos of the user or multiple phony facial images in kind of "brute-force" attacks. The key lies in how the facial recognition algorithms work. They only treat the user's face as digital images, therefore, by manipulating lighting conditions and view angles of photos, such authentication systems can be easily fooled even though the security level is set to high. The researchers also wrote a paper describing their work. Too bad they didn't make a video of the presentation at the conference. There is, however, an interview with Duc Nguyen, the main researcher.

Here's also a link to an article with more details.
These Windows XP and Vista laptops come with built-in webcams that work with the facial-recognition technology. This form of authentication is considered more convenient than fingerprint scans and more secure than traditional passwords. The software scans the user's face and stores the images and facial characteristics. Then the user can log in by scanning his or her face, which is then matched against the image data.

Don't get me wrong here. Facial recognition is a great technology. However, we have to be very careful about how we apply new technologies to real world problems. Using facial recognition to customize/personalize things (such as seat positions in cars) is great. But using it for security authentication might not be that good of an idea just like RFID tags (see my other post for a discussion on that).

Don't let stupid reviewers ruin your joyful life. There's always another conference out there, waiting for you!