Facial Recognition Security in the Era of Deepfake

Facial Recognition Security in the Era of Deepfake
used with permission from Tektonika (HP)
by Carrie Dagenhard

With a few free mobile apps and a little spare time, you can now find out what you would look like in thirty years or as a different gender. You can also virtually try on makeup, discover your celebrity doppelgänger, or transform yourself into an animated animal.

What a time to be alive.

In recent years, we've experienced a proliferation of facial recognition applications across the board, from the realm of entertainment to border customs. And while most of us welcome the amusement and convenience this technology can offer, facial recognition security is a growing concern.

Here's a brief overview of the positive, negative, and downright horrifying implications of facial recognition software and how to protect your organization.

The good, bad and ugly of facial recognition software

Face recognition tech has plenty of benefits. For example, you can use it to unlock your phone, access your bank account, or tag friends in Facebook photos. Law enforcement agencies around the world are using the tech to combat terrorism and identify criminals. Tech titan Alibaba is testing a facial recognition for payments, which could help streamline checkout processes and reduce credit card fraud.

But, so far, it's not foolproof—nor is it always 100 percent accurate. And from the moment facial recognition software emerged, IT professionals began identifying potential biometric security risks. Eventually, those vulnerabilities were exploited.

In the spring of 2019, a malicious cyber attack on U.S. Customs and Border Control (CBP) gave criminals access to traveler's photos and other personal data, according to Wired. And even though the hack compromised hundreds of gigabytes of data (much of which landed on the dark web in the days following the attack), CBP stands by its technology and continues to use it today.

And then there's deepfaking—using AI-powered software to alter video content with almost imperceptible realism. Generally, this involves superimposing someone's face onto existing footage. A deepfake can be used for entertainment purposes (like this mash-up of Jennifer Lawrence and Steve Buscemi), or something more nefarious, like creating videos to sway public opinion, blackmail people, or even subvert democracy. And while original deepfakes were easy to detect, the technology is rapidly growing in both accessibility and sophistication.

How to strengthen facial recognition security

As an IT leader, face recognition software is a double-edged sword. On one hand, it can help improve security. For example, you can use the tech to lock down devices or spaces and grant access only to those who are authorized—something you couldn't otherwise guarantee when people can easily share passwords.

But on the other hand, saving mapped versions of people's faces presents an enormous biometric security risk. That's because even advanced facial recognition security isn't as strong as one would hope—at least not yet. For example, Dutch organization Consumentenbond found that 42 out of 110 devices could be unlocked with the user's photo, according to Security Today. And if someone wanted to go to the trouble, a 3D print could work even better for tricking face recognition systems.

Here are two ways you can protect your organization:
  1. Implement multi-step authentication
    Facial recognition isn't perfect, but it's much stronger when it requires additional credentials. For example, asking users to enter their password, scan a badge, scan a thumbprint, or enter a code to access specific areas or devices can make a difference. In addition to implementing systems at the organization level, you could also encourage employees to set up two-step verification on their personal devices, especially if they use those devices for work or to access your network.
  2. Secure all endpoints
    Another critical step you can take is prioritizing endpoint security. Start by updating all devices that are connected to your network with maximum safety protections. As you replace outdated technology, choose products that integrate with your existing network security measures and ones that are designed to withstand new threats. For example, when you're investing in a new printer, choose one that offers features like threat detection, controlled access, and data encryption.
For better or for worse, facial recognition technology is here to stay. And in the coming years, we can expect plenty of exciting new benefits and dread-inducing drawbacks. By taking the proper measures proactively, you can ensure that your environment is protected from these rising threats.
www.gwtis.com   |  605.348.6529  |  1-800-529-0111