Facial recognition is being widely promoted as a solution to physical access control but we were able to simply spoof 3 systems because they had no liveness detection.
The image below is an example of how it works. If a person is in a facial recognition system, often you can trick the system by simply holding up a photo of that person.
When the 'key' is your 'face', being able to use a photo of a face to copy the 'key' is a significant risk.
In this post, we explain:
- What the problem is
- How we were able to spoof them
- Examples of providers who failed
- What the risks are of using such systems
- What methods are used to detect liveness