Gabriel Gonzalez, Director of Hardware Security, and Alejo Moles, Security Consultant, explore various techniques to bypass facial recognition algorithms in this IOActive Labs blog.
The use of facial recognition systems has become pervasive and ubiquitous on mobile phones and making significant inroads in other sectors as way to authenticate end users. These technologies rely on models created from an image or facial scan, selecting specific features that will be checked in a live environment against the actual user or an attacker. The algorithms need be accurate enough to detect a spoof attempt but flexible enough to make the technology useful under different lighting conditions and given normal physical changes in the legitimate users. As the technology continues to evolve and expand into more implementations, we need to acknowledge that there is plenty of room for improvement, and the need to be vigilant with security.