Def Con contest pits hackers against facial recognition systems
A new contest was announced at the hacker convention Def Con in Las Vegas, pitting teams against each other as they try to spoof facial recognition systems.
Organized by artificial intelligence (AI) security company Adversa AI, the event is part of the machine-learning security evasion competition that has been a regular institution of the AI Village at Def Con since 2019.
The challenge opened on 12 August and will run until 23 September. Participants have been given online access to ten headshot sets of celebrities and a facial recognition model trained to recognize them.
They were then instructed to subtly modify the images to trick the system into identifying each celebrity as each of the other celebrities. All files need to be submitted to the competition organizers, who will assess the effectiveness of the deception based on a probability score between 0 to 1.
The competition’s winner will have to publish its techniques with the idea that they may help the industry close potential gaps.
Zoltan Balazs, head of the vulnerability research lab at software company Cujo AI, one of the competition’s organizers, told IEEE Spectrum he hopes the event will help spread awareness regarding the vulnerabilities of face biometric systems.
Some real-life examples of fraudsters spoofing facial recognition systems for financial gain have already been reported. For instance, face biometrics algorithms by identity-verification company ID.me have been reportedly spoofed to verify fake driving licenses as part of a U.S. $2.5 million unemployment fraud scheme.
“It’s very easy and fast to do for attackers with enough motivation,” Adversa CTO Eugene Neelou tells IEEE Spectrum. “Our engagements show that some of the best facial-recognition vendors demonstrate little to no security against adversarial input modifications.”
For instance, recent research data from Israeli researchers showed that fabric face masks covering the nose and mouth and printed with adversarial patterns evaded facial recognition systems more than 96 percent of the time.
At the same time, companies and governments are actively working to improve and anti-spoofing abilities of facial recognition systems. A camera recently developed by Sony, for example, is designed to protect against image manipulation and spoof techniques like face morphing.