The researchers gathered pictures of 20 volunteers from on-line sources – only like an electronic identity thief or a stalker would try to do. Next, they created the 3D faces of the subjects, added some facial cartoons using VR, so it seemed like they were looking at the camera changed the eyes. There were instances where they couldn’t discover even one picture revealing the entire face that is subject’s. They solved this problem by recreating the missing parts – feel, shadows and all.
Some of the volunteers were security analysts and the research team could just find three or 2 low quality pictures of them online. Because the 3D faces made had shadows and could also go a little, they had the ability to deceive 4 out of 5 facial recognition logins examined with a success rate of 55% to 85%. True Cost, among the members of the research team said during presentation at Usenix security seminar:
“Some sellers — Microsoft with its Windows Hello applications — have commercial options that leverage alternative hardware. [In Hello’s instance, that hardware is Tobii’s eye tracking camera.] Nevertheless, there’s always a price-advantage to adding hardware, and hardware vendors will have to determine whether there’s enough demand from and gain for consumers to add specialized parts like structured light projectors.” or IR cameras
How can we distinction between a 3D face and a real? Well an actual face gives off infrared radiation and a system that finds it could be used for added security.
Do you use facial recognition login? Tell us what you feel after this study!