March 20, 2015 -
Facial authentication security methods used by banking and other apps can be easily spoofed using a high quality video of a person’s face, according to a report by Popular Science.
Technology writer Dan Moren shot a brief video clip of himself, while making sure that he blinked during the video so that the app would mistake the video for a real-live human.
When the banking app prompted him to look into the camera for the facial authentication-based login, he positioned the phone’s front-facing camera in front of a monitor displaying the video.
Surprisingly, the spoofing tactic successfully logged Moren into his banking account. In doing so, Moren makes a convincing argument that facial recognition should not be used for biometric authentication since photos and videos of faces can be easily found on the Internet.
Few apps currently use facial authentication as a security measure. However, at the CeBIT trade fair, Alibaba Group Holding Ltd. CEO Jack Ma demonstrated a new facial recognition solution the company is developing for mobile payment system Alipay, which will be launched later this year.
Moren suggests companies to use other biometric authentication methods, such as two-factor authentication, voice recognition, and fingerprint recognition, as they “are just as easy to implement but don’t rely on something that’s quite so public.”
However, as face recognition software continues to improve, the technology will likely become more difficult to hack.