Slashdot Mirror


Biometric Face Recognition Exploit

clscott writes "A researcher at the U. of Ottawa has developed an exploit to which most biometric systems are probably vulnerable. He developed an algorithm which allows a fairly high quality image of a person to be regenerated from a face recognition template. Three commercial face rec. algorithms were tested and in all cases the image could masquerade to the algorithm as the target person. Here are links to a talk and a paper. Unfortunately, biometric templates are currently considered to be non-identifiable, much like a password hash. This means that legislation gets passed to require hundreds of millions of people to have their biometrics encoded onto their passports. This kind of vulnerability could mean that anyone who reads these documents has access to the holders fingerprint, iris images, etc."

13 of 188 comments (clear)

  1. This problem is solved by redundancy by NumberField · · Score: 5, Funny
    This isn't a problem because most people have extras of the body parts used for most biometric schemes. For example, you probably a large supply of fingers (about ten), so it doesn't matter if a few get compromised. Similarly, if you have two eyes, it's not a big deal if your retinal print becomes known to bad guys.

    (P.S. Please no replies from humor-impaired folks.)

    1. Re:This problem is solved by redundancy by gerf · · Score: 4, Funny

      This isn't a problem because most people have extras of the body parts used for most biometric schemes. For example, you probably a large supply of fingers (about ten), so it doesn't matter if a few get compromised. Similarly, if you have two eyes, it's not a big deal if your retinal print becomes known to bad guys. (P.S. Please no replies from humor-impaired folks.)

      I don't get it. The way you're talking isn't in a standard joking format at all. Maybe you Canadians have a different sense of humor?

    2. Re:This problem is solved by redundancy by stefanlasiewski · · Score: 4, Funny

      I don't get it. The way you're talking isn't in a standard joking format at all. Maybe you Canadians have a different sense of humor?

      Yeah really.

      In the States, all of our humor formats have been standardized by the Department of Homeland Security. Currently, I'm 80% done with my ISO9666 humor certification. When I'm done, everyone will be able to understand and interface with my humor.

      --
      "Can of worms? The can is open... the worms are everywhere."
    3. Re:This problem is solved by redundancy by Xzzy · · Score: 5, Funny

      I'm sorry, go back and read chapter two, where they talk about humor types by geographic region. Your above intended format falls into "excessively dry", which if my memory serves is a method perfected, and quite jealously defended, by the British.

      American humor is expected to involve either bodily functions or blonde women.

      Failure to employ region-appropriate humor will potentially flag you for review as a potential terrorist.

    4. Re:This problem is solved by redundancy by nacturation · · Score: 3, Funny
      I don't get it. The way you're talking isn't in a standard joking format at all. Maybe you Canadians have a different sense of humor?

      If you *insist* on American style humor, here it is:

      [audience laughtrack #24]
      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    5. Re:This problem is solved by redundancy by YU+Nicks+NE+Way · · Score: 4, Funny

      Please put your tin-foil hat away. The incorrect use of humor will not flag anyone for review as a potential terrorist. There is no reason to be concerned that we will interfere with any humor-related deviance. It is only in those cases where individuals with perverted senses of so-called humor that pose a threat to our national security (as determined by our objective and reproducible criteria), and who aver themselves unwilling to participate in our voluntary humor-retraining camps, who will be marked for review. In order to reduce the number of individuals whose privacy will be sacrificed to review, we will use only publicly available data. In order to incentivize those who will be encouraged to attend humor-improvement camps, we intend to locate them in tropical locations near to the ocean, but not on US territory.

  2. paranoia by klokwise · · Score: 5, Funny

    maybe i should extend my tin-foil hat to a tin-foil facemask and a pair of shiny gloves... that way they'll never recognise me!

  3. Old News by fobbman · · Score: 4, Funny

    The fallibility of biometric systems has been widely known since a scientific expose was released on the topic no less than five years ago.

  4. Re:At least a good guy discovered this by gregmac · · Score: 3, Funny
    It just goes to show that no matter what, things can be hacked/bypassed/etc somehow.

    Not anymore, Palladium is here to save us.

    --
    Speak before you think
  5. x10 Get your Biometric Face Master Template by bugsmalli · · Score: 3, Funny

    **Guy snooping on a girl sunbathing**

    Want to snoop on your neighbor?? Want to trespass?? Want to know if there are Aliens at Area 51???

    GET YOUR OWN BIOMETRIC FACE MASTER TEMPLATE. Guaranteed to *FOOL* all Biometric Scanners. Get the *NEW* and *IMPROVED* BIOMETRIC FACE MASTER TEMPLATE from X10. It will even fool our OWN SECURITY CAMERA!!! Our NEW special offer, buy one BFMT and get PRE-APPROVED Bail for FREE (good for 5000 dollars) ORDER NOW!!!

  6. Re:One thing that is missing from "the spoof" by Emugamer · · Score: 5, Funny

    Biometric analysis equipment $250,000
    Staff time to implement new security procedures $12500
    Sledge hammer: $25
    Expression on the Project Manager's face after he realized he should have installed a better door: Priceless

  7. Better Than by somethinghollow · · Score: 3, Funny

    At least I don't have to cut someone's fingers off/eyes out/head off/etc. to get past these types of security measures any more.

    Whew! What a relief.

  8. Oh, really? Didn't Roger Wilco already do this? by willith · · Score: 3, Funny

    "He developed an algorithm which allows a fairly high quality image of a person to be regenerated from a face recognition template..."

    This kinda reminds me of the part in Space Quest III, where you gain access to the restricted area inside ScumSoft by holding up a xeroxed picture of the CEO's face to the facial recognition scanner.