Biometric Face Recognition Exploit

clscott writes "A researcher at the U. of Ottawa has developed an exploit to which most biometric systems are probably vulnerable. He developed an algorithm which allows a fairly high quality image of a person to be regenerated from a face recognition template. Three commercial face rec. algorithms were tested and in all cases the image could masquerade to the algorithm as the target person. Here are links to a talk and a paper. Unfortunately, biometric templates are currently considered to be non-identifiable, much like a password hash. This means that legislation gets passed to require hundreds of millions of people to have their biometrics encoded onto their passports. This kind of vulnerability could mean that anyone who reads these documents has access to the holders fingerprint, iris images, etc."

This problem is solved by redundancy

[NumberField]

This isn't a problem because most people have extras of the body parts used for most biometric schemes. For example, you probably a large supply of fingers (about ten), so it doesn't matter if a few get compromised. Similarly, if you have two eyes, it's not a big deal if your retinal print becomes known to bad guys.

(P.S. Please no replies from humor-impaired folks.)

Re:This problem is solved by redundancy

[gerf]

This isn't a problem because most people have extras of the body parts used for most biometric schemes. For example, you probably a large supply of fingers (about ten), so it doesn't matter if a few get compromised. Similarly, if you have two eyes, it's not a big deal if your retinal print becomes known to bad guys. (P.S. Please no replies from humor-impaired folks.)

I don't get it. The way you're talking isn't in a standard joking format at all. Maybe you Canadians have a different sense of humor?

Re:This problem is solved by redundancy

[stefanlasiewski]

I don't get it. The way you're talking isn't in a standard joking format at all. Maybe you Canadians have a different sense of humor?

Yeah really.

In the States, all of our humor formats have been standardized by the Department of Homeland Security. Currently, I'm 80% done with my ISO9666 humor certification. When I'm done, everyone will be able to understand and interface with my humor.

Re:This problem is solved by redundancy

[Xzzy]

I'm sorry, go back and read chapter two, where they talk about humor types by geographic region. Your above intended format falls into "excessively dry", which if my memory serves is a method perfected, and quite jealously defended, by the British.

American humor is expected to involve either bodily functions or blonde women.

Failure to employ region-appropriate humor will potentially flag you for review as a potential terrorist.

Re:This problem is solved by redundancy

[nacturation]

I don't get it. The way you're talking isn't in a standard joking format at all. Maybe you Canadians have a different sense of humor?

If you *insist* on American style humor, here it is:

[audience laughtrack #24]

Re:This problem is solved by redundancy

[YU+Nicks+NE+Way]

Please put your tin-foil hat away. The incorrect use of humor will not flag anyone for review as a potential terrorist. There is no reason to be concerned that we will interfere with any humor-related deviance. It is only in those cases where individuals with perverted senses of so-called humor that pose a threat to our national security (as determined by our objective and reproducible criteria), and who aver themselves unwilling to participate in our voluntary humor-retraining camps, who will be marked for review. In order to reduce the number of individuals whose privacy will be sacrificed to review, we will use only publicly available data. In order to incentivize those who will be encouraged to attend humor-improvement camps, we intend to locate them in tropical locations near to the ocean, but not on US territory.

paranoia

[klokwise]

maybe i should extend my tin-foil hat to a tin-foil facemask and a pair of shiny gloves... that way they'll never recognise me!

Re:paranoia

[Emugamer]

Micheal, is that you? I didn't recognize you with two gloves on!

Re:paranoia

[Jeremiah+Cornelius]

Yeah, There was news here a few months ago about this - it does exist.

Problems include a high failure rate when women switched between high-heels and flats, etc...

Re:paranoia

[CVaneg]

Man. I bet John Cleese could make a fortune teaching classes on defeating this system.

At least a good guy discovered this

I'm glad to know that someone legit found this out before it got into the hands of those evil terrorists . Seriously, it's great that these kinds of things are being discovered now. It just goes to show that no matter what, things can be hacked/bypassed/etc somehow.

Re:At least a good guy discovered this

[gregmac]

It just goes to show that no matter what, things can be hacked/bypassed/etc somehow.

Not anymore, Palladium is here to save us.

Old News

[fobbman]

The fallibility of biometric systems has been widely known since a scientific expose was released on the topic no less than five years ago.

x10 Get your Biometric Face Master Template

[bugsmalli]

**Guy snooping on a girl sunbathing**

Want to snoop on your neighbor?? Want to trespass?? Want to know if there are Aliens at Area 51???

GET YOUR OWN BIOMETRIC FACE MASTER TEMPLATE. Guaranteed to *FOOL* all Biometric Scanners. Get the *NEW* and *IMPROVED* BIOMETRIC FACE MASTER TEMPLATE from X10. It will even fool our OWN SECURITY CAMERA!!! Our NEW special offer, buy one BFMT and get PRE-APPROVED Bail for FREE (good for 5000 dollars) ORDER NOW!!!

Re:One thing that is missing from "the spoof"

[Emugamer]

Biometric analysis equipment $250,000
Staff time to implement new security procedures $12500
Sledge hammer: $25
Expression on the Project Manager's face after he realized he should have installed a better door: Priceless

Ident-i-Eeze

There were so many different ways in
which you were required to provide absolute proof of your iden-
tity these days that life could easily become extremely tiresome
just from that factor alone, never mind the deeper existential
problems of trying to function as a coherent consciousness in an
epistemologically ambiguous physical universe. Just look at cash
point machines, for instance. Queues of people standing around
waiting to have their fingerprints read, their retinas scanned, bits
of skin scraped from the nape of the neck and undergoing instant
(or nearly instant - a good six or seven seconds in tedious
reality) genetic analysis, then having to answer trick questions
about members of their family they didn't even remember they
had, and about their recorded preferences for tablecloth colours.
And that was just to get a bit of spare cash for the weekend. If
you were trying to raise a loan for a jetcar, sign a missile treaty
or pay an entire restaurant bill things could get really trying.

Hence the Ident-i-Eeze. This encoded every single piece of
information about you, your body and your life into one all-
purpose machine-readable card that you could then carry around
in your wallet, and therefore represented technology's greatest
triumph to date over both itself and plain common sense.

Douglas Adams

Mostly Harmless

Better Than

[somethinghollow]

At least I don't have to cut someone's fingers off/eyes out/head off/etc. to get past these types of security measures any more.

Whew! What a relief.

Not Surprising In Ottawa

[Synesthesiatic]

A couple of decades ago Ottawa was the world's coldest capital city (I forget what it is now). The saying goes that come it's impossible to tell people apart, because everyone's wearing parkas. Now there's a challenge for facial recognition!

Oh, really? Didn't Roger Wilco already do this?

[willith]

"He developed an algorithm which allows a fairly high quality image of a person to be regenerated from a face recognition template..."

This kinda reminds me of the part in Space Quest III, where you gain access to the restricted area inside ScumSoft by holding up a xeroxed picture of the CEO's face to the facial recognition scanner.