Dating apps aren’t that hard to fool with altered biometrics: researcher
A Stanford University researcher has used a generative adversarial network to exploit face biometrics vulnerabilities in two popular dating apps.
Given the potentially very negative outcomes possible with fraudulent data in online profiles of all kinds, there is clear interest in detecting and booting the imposters.
The goal was not simply to fool a verification gatekeeper but to do so with a digital photo that had been altered enough that it was a qualitatively different image.
In fact, the biometric spoofing technique reportedly was able to get around some verification software by using an image of a young man that had been altered to show a nominally female image, according to researcher Sanjana Sarda in a new preprint paper.
Sarda focused on apps Bumble and Tinder, which require would-be subscribers to take a picture of themselves using their in-app camera. That image is compared to other photographs that the person submits for uploading to the account.
In the research, she was able to generate images with feature vectors similar to the genuine article.
A StyleGAN v2 pre-trained model was used on the user dataset to manufacture an alternative image that was obviously different than images in the training set. It is noteworthy that Sarda used images of herself rather than previous model and volunteers’ photos.
The gender-swapped images did not sail through verification.
It took two attempts (the second try included changed lighting conditions) to bypass Bumble’s defenses. Tinder was not fooled. Both, however, were beaten by images that did not try to represent the incorrect gender.
Biometrics providers are working on better systems.
Startup Nametag says it can make online relationships, including dates and hookups, less fraught. Executives say they can secure user accounts with real-time identity-based biometric verification.
The product is built on physical identification documents, a photograph to be compared against government ID, information behaviors and the customer’s consent before sharing any data.
Another verification firm, Sum and Substance (also marketed as sumsub) claims in a blog post examining romance scams that its software can perform four important tasks on users in less than a minute: document verification, liveness and face matching, behavioral fraud pattern detection and biometric face authentication.