Facial Recognition Systems Fail Simple Liveness Detection Test
Facial recognition is being widely promoted as a solution to physical access control but we were able to simply spoof 3 systems because they had no liveness detection.
The image below is an example of how it works. If a person is in a facial recognition system, often you can trick the system by simply holding up a photo of that person.
When the 'key' is your 'face', being able to use a photo of a face to copy the 'key' is a significant risk.
In this post, we explain:
- What the problem is
- How we were able to spoof them
- Examples of providers who failed
- What the risks are of using such systems
- What methods are used to detect liveness
What The Problem Is
The issue is that many facial recognition systems lack liveness detection: they mistake photos of people for real people.
Photos of people are extremely easy to obtain - whether it is taking it off a person's social media profiles or from your phone's camera, getting a picture of most anyone's face is quite simple.
How It Is Done
The spoof is as simple as showing any kind of high-quality color photo of a person to the camera, whether it's on a printed piece of A4 paper or a selfie on a smartphone. See this WSJ video of a reporter entering a supposedly secure school by printing out a photo of the principal.
That WSJ report says the provider Real Networks had the liveness detection 'disabled' on that day but later turned it back on.
UPDATE: Mike Vance, Real Networks senior director, explained to IPVM that the gate's liveness detection function - which is based on someone smiling at the camera - was turned off "for about a week" because a speaker was being installed to let people know that they needed to smile to get in.
When IPVM visited Secutech Taipei this year, we asked to do liveness detection tests on all the providers offering access control with facial recognition. Three of the four we profiled failed. The only that did not was a company that specialized in liveness detection.
AiUnion: Fail At First Try
Taiwanese company AiUnion markets itself as an “innovative and advanced AI deep learning” firm, developing its own facial recognition technology for virtually any use (smart city, law enforcement, commercial, etc). Despite this marketing, AiUnion's access control demo failed to prevent a basic selfie from being greenlit on the first try:
In response, we were told this was AiUnion’s “2D” camera - they claim the “3D” one would not have failed.
Shenzhen Sewo Science & Technology Company: Fail At First Try
This Chinese access control manufacturer/OEMer produces low-price barriers, turnstiles, and parking solutions, claiming to be a "Top 10" manufacturer in China. At Secutech, they touted a demo of a face rec pad for access control:
As was the case with AIUnion, the demo was unable to pass a basic liveness detection test, with a simple selfie being greenlit:
We were told the device above cost about $600. The rep stated that for $680, a device that foiled liveness detection spoofs was available.
Geovision Declines To Test, States It Would Have Failed
Despite being Taiwan's third largest manufacturers after Vivotek and Dynacolor, Geovision had a very small booth at Secutech, which promoted a demo of an access control device with face verification that a brochure touted as "a solid feature with future potential":
When we asked Geovision if we could do a simple liveness detection test by seeing if a selfie would let us in, the rep quickly fessed up that the device had "no liveness detection" and did not allow us to test it. We were told the demo device was only a prototype and another, unspecified Geovision device could support liveness detection, although this device was not on display.
The Geovision rep went on to tell us the firm's facial recognition solutions generally had accuracy of 96 to 99.2% and that about 10% of Geovision's business is AI-related at this stage. Needless to say, accuracy percentages are irrelevant if a stranger can spoof your facial recognition by pulling up a photo on his phone.
LIPS: Only Success Case
Taiwanese company LIPS positions itself as a "3D vision"-specialized company selling camera/software analytics solutions. At Secutech, they marketed software specifically aimed at foiling liveness detection fails. LIPS rep Rebecca Chang showed us that the technology did work to detect spoof attempts, unlike for Sewo, Geovision, and AiUnion:
IPVM tested it as well with a selfie, and the system worked again. The market price of one of LIPS’ access control cameras (the AC770) is $5,000, something Chang said would go down when they switch from Nvidia to Intel processors.
We recommend you try this yourself for any facial recognition access control live demo to see how 'smart' the system is.
Face Rec Liveness Detection Methods
IR / depth mapping and machine learning methods are the two most common techniques to overcome this problem.
IR / Depth Mapping
Many face readers claiming 'liveness' employ more than a visible spectrum image for analyzing face images.
Commonly, face images are taken in the IR or other non-visible light spectrum and compiled into a '3D Depth Map' (see Apple's implementation) of points on a surface to verify an actual face is being viewed and not a 2D photo.
Machine Learning Methods
Facial Liveness detection can be achieved via a number of heuristic methods, with three of the more pragmatic examples being:
- Mouth/Lip Movement: For liveness confirmation, users moving their mouth to breathe or speak 'proves' they are not a printed image.
- Eye Movement: In the same way, human eyes are not stationary, and even subtle movements of eyes indicate subjects are live people and not images.
- Blink Detection: Photo images do not blink, so visual confirmation faces/eyes are blinking is a common liveness test.
Like other aspects of computer vision, actual result varies depending on image quality and which algorithm is deployed.
Similar to the concepts in Multi-Factor Authentication, combining multiple liveness detection methods into a face rec system increases the confidence interval of real faces, not images.
Poll / Vote