University of North Carolina researchers say they have developed a virtual reality (VR)-based cyberattack that can reproduce the human face well enough to trick face-authentication systems.
Like an attacker or a stalker, the researchers examined social media and ran image searches of 20 test participants. On average, they found between three to 27 photos per person online, then created three-dimensional (3D) models of their faces, added any missing areas or textures, and made additional tweaks, such as correcting gaze and adding facial animations such as frowning and smiling.
In a test involving the KeyLemon, Mobius, True Key, BioID, and 1U face-authentication systems, the researchers reported every system failed when presented with 3D renderings created from indoor head shots, while attacks spoofing faces from social media photos had varying success rates.
"VR-based spoofing attacks constitute a fundamentally new class of attacks that point to serious weaknesses in camera-based authentication systems," the researchers say. "Unless they incorporate other sources of verifiable data, systems relying on color image data and camera motion are prone to attacks via virtual realism."
From Network World
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found