FaceTec triples scope and payout in Spoof Bounty to thwart biometric liveness attacks
FaceTec has expanded its Spoof Bounty to both iOS and Android operating systems and tripled the total payouts available from $200,000 to $600,000 to help it identify potential vulnerabilities in biometric liveness detection.
Participants hunt for ways to defeat Facetec’s 3D Liveness software in real-world conditions, demonstrating and improving upon its security in real-world conditions, not just in the lab, the company says. Rewards are paid out for any spoof or camera bypass attack that beats the system.
The company informed Biometric Update that about 10,000 people have participated in the program, including professors, competitors, government agencies and hackers. Two $30,000 bounties were paid about two and a half years ago for Level 1 attacks.
They revealed that certain kinds of screens could pose a problem when manipulated in a certain way, so FaceTec retrained its neural network models to catch this particular attack. The company has also learned from unsuccessful attempts, mostly about the popularity of different attack methods.
“We put our AI to the test so that users of the FaceTec software can be shown – and not just told – just how secure FaceTec’s 3D Liveness Detection is,” says Kevin Alan Tussy, FaceTec CEO. “We don’t hide our product behind ‘Request A Demo’ forms. FaceTec stands behind its 3D Liveness software in a way that no 2D Liveness vendor will ever be able to replicate. After rebuffing more than 130,000 bounty program attacks over the last three years, we’ve learned a tremendous amount about potential threat vectors and how to stay ahead of them.”
The Spoof Bounty program operates at five levels, the first three covering spoof artefacts of increasing complexity, and the last two addressing bypasses. Level 4 is for decrypting and editing the contents of the 3D ‘FaceMap’ with synthetic data, while Level 5 is for successfully taking over the camera feed and injecting images, in each case leading to a Liveness Success response.
The program doubled in investment from $100,000 to $200,000 last year.