Wear a Mask, Bypass Facial Recognition at Airports!

Researchers claim that they could bypass airport and payment facial recognition systems offered by AliPay and WeChat by using facial masks

 

Facial recognition appears to be facing tough times. Reports that Google’s latest Pixel phone opened even when the users kept their eyes shut created moderate embarrassment for the company. However, that’s nothing compared to the confusion that airports in India would face as they prepare to allow paperless check-in and boarding via biometric authentication.

A recent research suggests that facial recognition technology isn’t as fool proof as it is being made out to be. A new test reported by Fortune.com suggests that masks and something as mundane as photographs could fool facial recognition technology.

Artificial intelligence company Kneron conducted the tests by visiting public locations and tricking facial recognition terminals by allowing payment or access. It says that in stores across Asia where facial recognition tech was deployed, their team used high quality 3-D masks to deceive AliPay and WeChat payment systems in order to make purchases.

Seems like science fiction, but the research team said that the system that use a person’s face instead of a digital authentication or a fingerprint did fall for the gag of the mask. Which means that in theory at least fraudsters could end up using another person’s face to go shopping or remove money from the bank accounts.

Kneron further revealed that they conducted similar tests at Schiphol Airport in the Netherlands by entering the self-boarding terminal with just a photo on a phone screen. The team confirmed that they had used similar means to gain access to train stations in China where commuters use facial recognition to pay fares and board the trains.

TEDx speaker, author and FinTech influencer Chris Gledhill took to social media to suggest that all it takes to fool facial recognition at airports and border crossings is a printed mask. Kneron CEO Albert Liu issued a statement suggesting that technology providers should be held accountable if they do not safeguard users to the highest standards and questioned whether facial recognition technology was indeed of global standards, given that biometrics was being considered the answer to cyber security.

With government introducing Digi Yatra, a biometric initiative across Indian airports last year and trials already on at Bangalore, this research could cast some doubts on the safety and security of using facial recognition, given the bane of terrorism that is keeping security personnel across the world on tenterhooks.

So, how did something as simple as a photograph or a face mask actually befuddle the system?

In the case of masks, the deceptions worked due to the fact that the facial recognition system has the image of a person whose face was used to create the mask. Kneron says instances needn’t be widespread though there is a danger that even a small data leak could cause disastrous consequences for the aviation industry, not to mention the possibility of defrauding wealthy individuals.

The article quotes Albert Liu to suggest that the threat to privacy of users with sub-par facial recognition that is masquerading as AI is very real. “The technology is available to fix these issues but firms have not upgraded it. They are taking shortcuts at the expense of security,” he says in the statement, which of course leaves the question open about why Kneron traversed this route.

The company says that its experiments weren’t meant to promote its services or products but to learn about the limitations of the existing technology in order to enhance it. The company, backed by high profile investors such as Qualcomm and Sequoia Capital, is developing AI tools that would be capable of recognising individuals entirely on devices instead of cloud-based services.

Of course, this isn’t the first such experiment nor is it likely to be the last. Scientists from the University of North Carolina presented a case at the Usenix Security Conference had fooled face sensors using pictures from Facebook a few years ago. Then there was also the infamous story of how Google’s AI mistook a turtle for a rifle!

With reports of how AI could reproduce another person’s fingerprints and reports of how scientists have been able to subvert voice recognition using laser rays, it appears as though biometrics too cannot secure our digital data. Does it mean that we go back to two-tier authentication? A process that is too tedious but not so much so as that we ignore it and lose our sleep.


TAGS: biometrics, Data Safety, Data Security, Cybersecurity, Hacking, facial recognition, Kneron