The Flaws and Dangers of Facial Recognition

The Flaws and Dangers of Facial Recognition

The best way to prevent your facial identity from being stolen is to limit it to airport and border security use cases

When dealing with airport and border security, we need databases, we need to share information and we need law enforcement. However, for day-to-day authentication use cases like IoT, we should resort to physiologic biometrics that rely on unique live signals. Such live signals allow for effective authentication while at the same time protecting privacy and democracy.

Problem: Facial Recognition Can be Spoofed and Hacked

By 2020 it is expected that more than one billion smartphones will feature facial recognition solutions (Counterpoint Research). In 2017, when Apple announced Face ID would be one of the newest features incorporated into the iPhone X model, it was not long before mobile phone companies followed suit. Users merely look at their smartphone screen and it unlocks, creating the most contactless mobile authentication to date. It quickly surpassed the coveted fingerprint authentication. However, it did not come without flaws.

Quickly becoming ubiquitous, study after study exposed vulnerabilities in facial recognition. Researchers from the University of Toronto were able to use adversarial learning to beat a neural net using another neural net. According to the study, by adjusting only a few pixels at the corner of a person’s eye or mouth would be unrecognizable to the facial recognition technology. Apple has set the highest standard for facial recognition with Face ID, developing a second camera called the “True Depth Camera,” which maps your face and takes special 3D pictures that are used to authenticate you with an infrared camera, flood illuminator and dot projector. However, not every device can withstand extensive tests. Dutch organization Consumentenbond found that 42 out of 110 devices tested were unlocked by using a picture of the device’s owner. Lenovo/Motorola, LG, Nokia, Samsung, and BlackBerry were all compromised.

Not only has facial recognition been spoofed and hacked, but the use of databases has added vulnerabilities, including widespread breaches. In 2018, there were many soon-to-be historic data breaches— how can we trust our facial identity is protected in this climate? Another important question: what’s stopping big companies from selling this information to the highest bidder? Nothing. In fact, Amazon offers Face Rekognition, which allows clients to build their own facial recognition system. According to Amazon’s blog post, Washington’s sheriff office has been using Amazon Rekognition since 2016 to “reduce the identification time of reported suspects from two to three days down to minutes and had apprehended their first suspect within a week by using their new system.”

Facial recognition databases can compromise democracy or be used for big data—or far worse—they can be wrong. According to a study done by the ACLU, Amazon’s Face Rekognition software incorrectly matched 28 members of Congress, identifying them as people previously arrested for a crime. Out of the 28 members of Congress wrongly identified, 40 percent of them were people of color.

Solution: Resort to Physiologic Biometrics for Everyday Use Cases to Protect Facial Identity

Facial recognition has the potential to be dangerous. In practice, we see that it can be hacked or spoofed, databases can be breached or sold, and sometimes it’s just not effective; as such, we should restrict facial recognition to viable use cases like airport and border security. In the example of airport and border security, we need facial recognition technology to use databases to make sure someone boarding a plane is not on a no-fly list. This will uphold a level of security we expect when traveling. Security and safety are not synonymous. As a society, we need to define which biometric solution will be the most successful for each given use case.

When we talk about biometric authentication for the IoT, we need to act safely, as all connected devices are susceptible to online threats. We cannot rely on facial recognition that is easily compromised by a mere picture of the device’s owner or tricked by an adversarial neural net. And, further, what is to happen if someone steals your facial identity? You can’t simply “cancel” your face like you would a stolen credit card.

We turn to the brain for answers. According to an article in Fast Company, researchers from Binghamton University used a combination of how the human brain reacts to stimuli along with the unique brain structure to create a “brain password,” a biometric solution relying on the brain’s “inexhaustible source of secure passwords.” Still in its infancy, this technology is contingent on 32 electrical sensors placed on one’s head; in the future these sensors can be put in a headset to compute accurate readings. However, there are other, less invasive ways to obtain this neural information. We can capture neuro-muscular data with high sensitivity kinetic sensors using Micro-Electro-Mechanical Systems (MEMS) present in standard mobile devices. Extracting this information can yield a stable and unique neural signature with the potential to act as our key to the IoT.

At Aerendir we believe the future of biometrics should be as frictionless as facial recognition, but as strong as “brain passwords;” with this in mind, NeuroPrint was born. While our NeuroPrint technology can extract a unique neural signal from any muscle in the body, we started with the hands due to their connection to mobile devices. We are currently focused on adding sensors and microcontrollers into the seat of a car—the possibilities are endless.

The body can truly become our own personal password, our digital identity. Our brain provides a solution that authenticates, while at the same time shielding us from preying actors. Because if our neural signal is equivalent to a one million character-long password, we can safely encrypt all of our activities and communications if we were to decide to do so.

Of course, there are other physiological biometrics that could be used, including heartbeat and voice, but using the physiological signals of the body seems to be the most promising and SAFE way to avoid the associated dangers.

Safety is not security. The IoT needs safety. Safety is, by definition, something we as users should control. The IoT has to be usercentric to be the powerful tool it is bound to be; it should never become the door of a prison, which it could potentially become if we allow facial recognition to enter every facet of our lives.

This article originally appeared in the March 2019 issue of Security Today.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

Featured Cybersecurity

Webinars

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3