|Facial Recognition Security in the Era of Deepfake|
|used with permission from Tektonika (HP)
by Carrie Dagenhard
With a few free mobile apps and a little spare time, you can now find out what you would look like in thirty years or as a different gender. You can also virtually try on makeup, discover your celebrity doppelgänger, or transform yourself into an animated animal.
What a time to be alive.
In recent years, we've experienced a proliferation of facial recognition applications across the board, from the realm of entertainment to border customs. And while most of us welcome the amusement and convenience this technology can offer, facial recognition security is a growing concern.
Here's a brief overview of the positive, negative, and downright horrifying implications of facial recognition software and how to protect your organization.
The good, bad and ugly of facial recognition software
Face recognition tech has plenty of benefits. For example, you can use it to unlock your phone, access your bank account, or tag friends in Facebook photos. Law enforcement agencies around the world are using the tech to combat terrorism and identify criminals. Tech titan Alibaba is testing a facial recognition for payments, which could help streamline checkout processes and reduce credit card fraud.
But, so far, it's not foolproof—nor is it always 100 percent accurate. And from the moment facial recognition software emerged, IT professionals began identifying potential biometric security risks. Eventually, those vulnerabilities were exploited.
In the spring of 2019, a malicious cyber attack on U.S. Customs and Border Control (CBP) gave criminals access to traveler's photos and other personal data, according to Wired. And even though the hack compromised hundreds of gigabytes of data (much of which landed on the dark web in the days following the attack), CBP stands by its technology and continues to use it today.
And then there's deepfaking—using AI-powered software to alter video content with almost imperceptible realism. Generally, this involves superimposing someone's face onto existing footage. A deepfake can be used for entertainment purposes (like this mash-up of Jennifer Lawrence and Steve Buscemi), or something more nefarious, like creating videos to sway public opinion, blackmail people, or even subvert democracy. And while original deepfakes were easy to detect, the technology is rapidly growing in both accessibility and sophistication.
How to strengthen facial recognition security
As an IT leader, face recognition software is a double-edged sword. On one hand, it can help improve security. For example, you can use the tech to lock down devices or spaces and grant access only to those who are authorized—something you couldn't otherwise guarantee when people can easily share passwords.
But on the other hand, saving mapped versions of people's faces presents an enormous biometric security risk. That's because even advanced facial recognition security isn't as strong as one would hope—at least not yet. For example, Dutch organization Consumentenbond found that 42 out of 110 devices could be unlocked with the user's photo, according to Security Today. And if someone wanted to go to the trouble, a 3D print could work even better for tricking face recognition systems.
Here are two ways you can protect your organization: