Your Facebook photos could be betraying important biometric data

Americans aren’t yet sold on biometrics when it comes to their digital security, and now, it looks like there’s good reason behind their skepticism. At the Usenix security conference earlier this month, researchers in the security and computer vision fields from the University of North Carolina suggested that all it takes to get past certain facial recognition technology is some Facebook stalking and 3D rendering.

In conducting its research, the UNC team gathered photos of 20 volunteers from online sources — think your Facebook page, LinkedIn profile, and the like. Researchers then created 3D models of the subjects’ faces, added facial animations, and slightly adjusted their eyes to look directly at the camera. If they didn’t have photos that showed a volunteer’s full face, they improvised, recreating the missing parts and even embellishing with shadows and textures. Even though some of the subjects were remarkably hard to track down online (being security researchers themselves), the UNC team was able to use just a few low-resolution photos to create a model accurate enough to fool some facial recognition systems.

In fact, the scientists met with success in four out of the five systems they tried to hack. “We could leverage online pictures of the [participants], which I think is kind of terrifying,” said True Price, a study author who works on computer vision at UNC, in an interview with Wired. “You can’t always control your online presence or your online image.” And apparently, that means that your biometric data is virtually up for grabs.

All five of the systems tested — KeyLemon, Mobius, TrueKey, BioID, and 1D — are available on the Google Play Store and the iTunes Store. Google previously warned that similar software “is less secure than a PIN, pattern, or password,” as “someone who looks similar to you could unlock your phone,” but getting past these systems may be even easier than previously thought.

You can check out the full details of how the UNC researchers pulled off their hack in their paper, published here.
