Facial Recognition Systems Fail Simple Liveness Detection Test

By: Brian Rhodes and Charles Rollet, Published on May 17, 2019

Facial recognition is being widely promoted as a solution to physical access control, but we were able to spoof 3 systems simply because they had no liveness detection.

The image below is an example of how it works. If a person is enrolled in a facial recognition system, you can often trick the system by simply holding up a photo of that person.

[Image: liveness detection]

When the 'key' is your 'face', being able to use a photo of a face to copy the 'key' is a significant risk.

In this post, we explain:

  • What the problem is
  • How we were able to spoof them
  • Examples of providers who failed 
  • What the risks of using such systems are
  • What methods are used to detect liveness


What *** ******* **

*** ***** ** **** many ****** *********** ******* lack ******** *********: **** mistake******** ****** *************.

****** ** ****** *** extremely **** ** ****** - ******* ** ** taking ** *** * person's ****** ***** ******** or **** **** *****'* camera, ******* * ******* of **** ******'* **** is ***** ******.

How ** ** ****

*** ***** ** ** simple ** ******* *** kind ** ****-******* ***** photo ** * ****** to *** ******, ******* it's ** * ******* piece ** ** ***** or * ****** ** a **********. *** ******* ******* * ******** ******** a ********** ****** ****** by ******** *** * photo ** *** *********.

**** *** ****** ******* ******** **** *********** *** ******** ********* 'disabled' ** **** *** but ***** ****** ** back **.

******: **** *****, **** Networks ****** ********, ********* to **** **** *** gate's ******** ********* ******** - ***** ** ***** on ******* ******* ** the ****** - *** turned *** "*** ***** a ****" ******* * speaker *** ***** ********* to *** ****** **** that **** ****** ** smile ** *** **.

********

**** **** ******* ******** Taipei **** ****, ** asked ** ** ******** detection ***** ** *** the ********* ******** ****** control **** ****** ***********. Three ** *** **** we ******** ******. *** only **** *** *** was * ******* **** specialized ** ******** *********. 

AiUnion: **** ** ***** ***

********* ******* ******* ******* ****** ** ** “innovative *** ******** ** deep ********” ****, ********** its *** ****** *********** technology *** ********* *** use (***** ****, *** enforcement, **********, ***). ******* this *********, *******'* ****** ******* demo ****** ** ******* a ***** ****** **** being ******** ** *** first ***:

** ********, ** **** told **** *** *******’* “2D” ****** - **** claim *** “**” *** would *** **** ******.

Shenzhen **** ******* & ********** *******: **** ** ***** ***

**** ************* ******* ************/************* ***-***** ********, **********, and ******* *********, ******** to ** * "*** 10" ************ ** *****. At ********, **** ****** a **** ** * face *** *** *** access *******:

** *** *** **** with *******, *** **** was ****** ** **** a ***** ******** ********* test, **** * ****** selfie ***** ********:

** **** **** *** device ***** **** ***** $600. *** *** ****** that *** $***, * device **** ****** ******** detection ****** *** *********.

Geovision ******** ** ****, ****** ** ***** **** ******

******* ***** ******'* ***** largest ************* ***** ******* and *********,************ * **** ***** booth ** ********, ***** promoted * **** ** an ****** ******* ****** with **** ************ **** a ******** ****** ** "a ***** ******* **** future *********":

**** ** ***** ********* if ** ***** ** a ****** ******** ********* test ** ****** ** a ****** ***** *** us **, *** *** quickly ****** ** **** the ****** *** "** liveness *********" *** *** not ***** ** ** test **. ** **** told *** **** ****** was **** * ********* and *******, *********** ********* device ***** ******* ******** detection, ******** **** ****** was *** ** *******.

*** ********* *** **** on ** **** ** the ****'* ****** *********** solutions ********* *** ******** of ** ** **.*% and **** ***** **% of *********'* ******** ** AI-related ** **** *****. Needless ** ***, ******** percentages *** ********** ** a ******** *** ***** your ****** *********** ** pulling ** * ***** on *** *****.

LIPS: **** ******* ****

********* ******* **** ********* ****** ** * "3D ******"-*********** ******* ******* camera/software ********* *********. ** Secutech, **** ******** ******** specifically ***** ** ******* liveness ********* *****. **** *** Rebecca ***** ****** ** that *** ********** *** work ** ****** ***** attempts, ****** *** ****, Geovision, *** *******:

**** ****** ** ** well **** * ******, and *** ****** ****** again. *** ****** ***** of *** ** ****’ access ******* ******* (*** AC770) ** $*,***, ********* Chang **** ***** ** down **** **** ****** from ****** ** ***** processors.

Test ********

** ********* *** *** this ******** *** *** facial *********** ****** ******* live **** ** *** how '*****' *** ****** is.

Face *** ******** ********* *******

** / ***** ******* and ******* ******** ******* are *** *** **** common ********** ** ******** this *******.

IR / ***** *******

**** **** ******* ******** 'liveness' ****** **** **** a ******* ******** ***** for ********* **** ******.

********, **** ****** *** taken ** *** ** or ***** ***-******* ***** spectrum *** ******** **** a '** ***** ***' (*** *****'* **************) ** ****** ** a ******* ** ****** an ****** **** ** being ****** *** *** a ** *****.

Machine ******** *******

****** ******** ********* *** be ******** *** * number ** ********* *******, with ***** ** *** more ********* ******** *****:

  • *****/*** ********: *** ******** ************, users ****** ***** ***** to ******* ** *****  'proves' **** *** *** a ******* *****.
  • *** ********: ** *** **** way, ***** **** *** not **********, *** **** subtle ********* ** **** indicate ******** *** **** people *** *** ******.
  • ***** *********: ***** ****** ** not *****, ** ****** confirmation *****/**** *** ******** is * ****** ******** test.

**** ***** ******* ** computer ******, ****** ****** varies ********* ** ***** quality *** ***** ********* is ********.

Multi-modal ********

******* ** *** ******** in *****-****** **************, ********* ******** ******** detection ******* **** * face *** ****** ********* the ********** ******** ** real *****, *** ******.


Comments (30)

*******, **** **** ** spoofing ***** *******!

* ** * *** amazed ***** *** ******* sellers **** ****** ***** facial *********** ****** *******. Access ******* ** ****** demanding ***** **** ***** accurate *** **** ********** which * ******* **** of ***** ********* **** not **.

*** *** ******* *** passed (****) ***** $*,*** (which **** ** **** to ******* *** **** users) *** ***** **** 3 ******* ** ***** access, * ***** **** for ** *********** ***** walk-through / ********* *********** is *** *** ********* entering:

****, ******* **** ** with **** ***** ** was ** ********, ** he *** **** **** to **** **** * limited ****** ** ******* there. ** ********* **** to ** **** ***** on ***** ******* ** the ******.

*******, *****, *** *** fill ** *** ******* why **** ****: ***** **** ***** ** down **** **** ****** from ****** ** ***** processors.  ?

**** ******* ******** ** the ******** ** ********* from *** ***** ** GPU *****.

*** **** ******** / analytics, **** ********* *** they *** ***** *****, they ********* **** ******** / ******, *** ************ Intel ****. *******: ***** ****** ******* ***** 2 / ******** ** Test

**** ***** * *** of *****.  ****** *** the *************.

********** *** ** ********** as **** **** ... static ********* **** ***** change *** *** ** left **********. *** ***** of **** ********** *** such **** **** ******** harder *** *****'* ****** the ***** **** **** there ** ** ********** or **** *********** ** biometrics.

***

****** *********** *** ****** control ** ******** * hot *****.

** ******** ** *** recent ******** *******, *** news ***** ***** *** ******* this week ** ** **** (St. *****).

** ***** ***** *** of ***** ******* ******* to ***** ** ** "expert" ** ** ******* the *** ******* ******.

**** - ******* ***** new ****** *********** ********** to **** *****, *** is ** *********?

 

****** ** ****** *** extremely **** ** ****** - ******* ** ** taking ** *** * person's ****** ***** ******** or **** **** *****'* camera, ******* * ******* of **** ******'* **** is ***** ******.

****** ** ******’* ***** are ******* ********* ** many ***** ** ****.  Would *** ********* ******* you ******* ***** ****** be ****** ** * playing * *****?

  • *****/*** ********: *** ******** ************, users ****** ***** ***** to ******* ** ***** 'proves' **** *** *** a ******* *****.
  • *** ********: ** *** **** way, ***** **** *** not **********, *** **** subtle ********* ** **** indicate ******** *** **** people *** *** ******.
  • ***** *********: ***** ****** ** not *****, ** ****** confirmation *****/**** *** ******** is * ****** ******** test.

#*, **'* * **** point / ********. ** will **** **** ** the ******. 

*******! ** ***** **** the ******* ******** ******* can ** ****** ******** by * *****. ****** a ***** ******* ** a ******? ** *******. If **** *** **** photos *** **** ****** available **** * ***** recommend ** ** ** instagram; ***** ****** **** has * ***** ** share ******* ******** **** the ******...

** *** ********* ******** dictates *** ********* **** must ** **** - move **** ** ****, move **** ** ***** - **** **'* ****** unlikely **** * *********** video ***** ****. 

* ******* *** **** to **** *** *** reasons ** *** *** are ***** ****** ***********. 

** ** *** ***** into * ******** ******* a ****** ****?

** ** * ******* turnstile ***** *****?

**** *** ****** ***** you *** ***** ** you ***** ** **** to **** *** ********** measures ********** ** ****** recognition.

**** ****** ***** ***** - *****-****** ************** - Swipe ****/*** + ****** recognition + ********** *********

**** * ******* **** is, **** *** ****** and **'* **** * matter ** **** ****** it *** *****. ***** up ***** **** ****, someone ****** ** *********** from ** ***** *** used ** ** ***** my ***** *********** ****. Another ************* ** *** failings ** *********** ***** identification.

******* ****** ** *********** from ** ***** *** used ** ** ***** my ***** *********** ****

***** ****** ****** **** a ****** *********** ****** is ********* **** ** pull *** ***** ************ are *** ******* ********* online. * ** *** discounting ************** ******** ** a *******, **** **** getting * '*****' ** someone's **** ** *******.

*** ****** ** *** type *** ** ******* if ****** ********* *** devoted ** *** ****.

** * ********* ********, our ************** ** ** make ******** ** **** as ********, *** ******** detection (**** ********** *&*) is * *** **** of ****. 

** * ********* ********, our ************** ** ** make ******** ** **** as ********

*** ****, * ** not *********** **** *** a ****** *********** ****** that **** *** *** a ***** ** *** in ** **** ******* a *****-** ** **** password ** *** ** your ********:

Image result for writing password on paper next to screen

***, ****** **** ** any ****** ****** **************, regardless ** *** ********, is * **** ********. Multi-factor ************** (********* * know, ********* * ****, Something * **) ** the **** *** ** ensure *** *** ********** your ***-***. 

*** *** ******** ** multi-factor ** ************* / reduced **********. ** ** clear, * ** *** arguing ******* **, **** pointing *** **** **** buyers *** ********* ***** those ****** ********** ** non ****-******* **********.

** *** ****** ****** being '**** ********', ******* question - *** **** is ** ** *****/***** iris? ******* ** **** iris ** **** *********** to **** ******, ***/**?

*****-****** ******* **** *** or **** *********** ** used ***** *** ** proven ineffective. ***** *** *** *********** one *** ** ***, can *** *** ** defeated? *** ** *** answer ** ** **** the ******* **** ******** is, *** *** *** just *** *** **** cannot ** ********? **** is * ****** **** ** infinite ***** ** **** ** credentials *** **** ** the ******* ** **************. The ****** *** ** to ******** ****** *** way ****** ******** ******.

***'** ***% ******* **** you *** "*****-****** ******* that *** ** **** credentials ** **** ***** one ** ****** ***********."  The ***** ****** *****-****** authentication ** **** *** credential **** **** *** successfully **** **** **** just *** **** ** be ******* ******. ** in *** **** **'** discussing, *** ***** **** to **** **** *** prox **** *** ******* the **** **** *** associated **** *** ******* in ********.

*****, *** ****'* *** point. ** *****'* ****** incentive ** ** ** then **** *** ** defeated ************* ** ********, its **** * ****** of ********** *** *** discussing. *** ** *** other ****, * ****** that ****** * *** of **** ***** ****** to *** ***** ** recognition has *** ****** ***** for **. ***, ** recognizes ********** ** *****. Two, *** ***** **** exhibit the *** ** **** human ****** ******** *** recognized ** *** ******. *** walking ******* **** ******* *** know ************* **** ** addition ** *** ******* challenge *** **** ** also ***** ***, ****** and ******. *** ****'* only *** ** *** random *** ******** ******.

* ***** **** *** to * *****. *** idea **** ***** ****** is ** ******** *** difficulty ** ********** *** various ******* *** ***** the ***** ********* *** level ** **********. *****, traditional ******* *** ********* I **** (****/***** *****), something * **** (***/********) and ********* * ** (Face, ******, ****, ****).

*****, ***** ********* ******* that ***** **** **** to ** ********* ** gain ******.

** ** ******* * don't ***** **** * person's ******, *** ** height ******* ** *********** vectors. * **** *** many *********** **** ********** as ** ******* ******** biometrics (****, ****** *** iris) ***** ******** ********** true ***** ****** ************** because **** *** *** technically *** **** ****** (something * **).

******** ****** **** **** you ** *** ******* if *** *** ***** a ****, *********** ***/** iris (*** *** ***) it *****'* ** *** any **** ** *** don't **** **** * person's ***/********. 

**** **** ****** ******.

**** ******* **********, **** can **** ** ** inconvenience. **** ** ******* to ******* (******** *** easy ** *** *************); fingerprint ** ******** **** (especially **** * *********** fingerprint ******); **** ** getting ******, *** ** harder **** *** ***** two. *** **** ***** the ************* ** **** spoofing. 

**** *** *** ****** goes - ****, **** or *****-*** *** **** any *** *** *** all *****. ***** ** no ******** **** * single ****** ** *********. In ***** ** *** non-high ******** ******** ***** is ********* ***** **** cards *** *******, *** can *** * **** recognition ***** **** **** not **** **** **** current **********. **** ****, if *** *** * 'non-high ******** ********' *** would *** ** ** the ******* *** ******* to *** ** * second ******?

** *** **** ********, I'd **** ** ***** to ** **** ******** to ******* **** ***. Common ***** **** **** you *** ****** **** source ******** *** * face ***** ****** **** an **** ***** ******.

*****-****** ************** ******** *** or **** ********** ****** tests. ***** * *** with * ********, ** access **** **** * token, ** **** **** finger *** *** *****-****** tests.

***** *** ****** **** face ** **** ******* when *** ***** ****** is * *:**** **** (e.g., ****** ****) ** the ******-** ********* **** collapses ** * *:* verification. **** **** ******* the ******* ********* ******** with *** ****** ***** alarms. **** ********** ** so ****** ** ******** doesn't **** ****. *********** vendors **** ***** *** same ********* ******** *****, but **** ******** *********.

****'* ***********. ************ ***** multiple **** ******* ** called: ********* ?

** * ***** ** equipped **** * *********** reader, **:******* ***** *********** ****** **** ***** * single ******? ** ** that ***** ***, ** activate * ******?

* ***** **** ******** biometric *** ** ******** to **** *** ******* in ******** ** ******. In ******** **** ****** can ** *** ** 1:Many ************** ****, *** then *** ****** ** each ****** **** *** to ** ***** ******* for ************. *********** ******** it's ******** ** *** more **** *** ***** result **** * *:**** card ****, *** **'* unlikely ** *** *** more **** *** ****** from *** ********* ***** than **** *** ***** finger **** * ***** database. ** * ****** approach ***** * *** of ***** *** ****** the **** *** ************* factor ******.

**** ********* *** **********, like **** *** ******, or ******** **** * statistical ******, ****** * means ** ********* *** aggregate ******** *** *********** false ****** ******** **** careful *******. ******* ***** is *** *** ****** as ** *** ** one **** ** *** expense ** *** *****.

************ ***** ******** **** factors ** ******: *********

**** ** ******* * check?

*’** **** “*** ** Vein” *** $***, ******.

********** ****** *********** *** subject ** **********, ******** ******** **** ******* biometric **** ** **** than * ******* ***** - *** ******** *******. ****** ********** biometrics ** ***** ****** of *** ***** ** a ********** ** *** statically ****** *** *** subject ** **********. ********* an ************** ****** **** employs * ** **** such ********** *** ************** is ********. ** *** point ** ***, *** biometrics ********* *** *** are, *** ********** ** something *** **** *** the ***** ** **** smartphone ** ********* *** know. *** ****** *******, the **** ******* ***** QR, *** ********** ******** a **** **** * challenge **** *** ** identifier *** *** ********* a ********, ********, ** no ******** ********* ** who *** *** **********. In **** ****** **********, the ********* ******* ** delivered **** *** **** net *** ********* **** ble ** **** **** interesting *** *** **** hacker.

*** **** ** *** Suprema ****:******* ********* **** **** Examined
