Researchers Hack Faces In Biometric Facial Authentication Systems

Vietnamese researchers have cracked facial recognition technology in Lenovo, Asus, and Toshiba laptops; demonstration planned for Black Hat DC next week.

By Kelly Jackson Higgins

A Vietnamese researcher will demonstrate at Black Hat DC next week how he and his colleagues were able to easily spoof and bypass biometric systems that authenticate users by scanning their faces.

The researchers cracked the biometric authentication embedded in Lenovo, Asus, and Toshiba laptops by spoofing the biometric systems with everything from a photo of the authorized user to brute-force hacking using fake facial images. They successfully bypassed Lenovo's Veriface III, Asus' SmartLogon V1.0.0005, and Toshiba's Face Recognition 2.0.2.32 -- each set to its highest security level -- demonstrating vulnerabilities in the systems that let an attacker cheat them with phony photos of the legitimate user and gain access to the laptops.

These Windows XP and Vista laptops come with built-in webcams that work with the facial-recognition technology. This form of authentication is considered more convenient than fingerprint scans and more secure than traditional passwords. The software scans the user's face and stores the images and facial characteristics. Then the user can log in by scanning his or her face, which is then matched against the image data.

The researchers were able to bypass the authentication system not only by using a photo of the authorized user, but also by creating multiple phony facial images. "The mechanisms used by those three vendors haven't met the security requirements needed by an authentication system, and they cannot wholly protect their users from being tampered," the researchers wrote in their paper on the hack.

One of the researchers, Nguyen Minh Duc, manager of the application security department at the BKIS (Bach Khoa Internetwork Security Center) at Hanoi University of Technology, will demonstrate the hack at Black Hat, as well as the tool he and his colleagues developed.

"There is no way to fix this vulnerability," Duc says. "Asus, Lenovo, and Toshiba have to remove this function from all the models of their laptops ... [they] must give an advisory to users all over the world: Stop using this [biometric] function."

An attacker can edit and adjust the lighting and angle of a phony photo to ensure the system will accept it, according to the researchers. "Due to the fact that a hacker doesn't know exactly how the face learnt by the system looks like, he has to create a large number of images...let us call this method of attack 'Fake Face Bruteforce.' It is just easy to do that with a wide range of image editing programs at the moment," they wrote in their paper.

"One special point we found out when studying those algorithms is that all of them work with images that have already been digitalized and gone through image processing. Consequently, we think that this is the weakest security spot in face recognition systems, generally, and access control system of the three vendors, particularly."
