Is Facial Recognition Safe?
Updated: November 13, 2020Facial recognition authentication provides unique benefits and an easy way for users to secure their smartphones and online payments. Still, there are also significant concerns that should be taken into account.
Unlock patterns and pins have been around from the beginning of Android devices. But technology has granted us with more advanced methods to secure our devices such as fingerprints and facial recognition.
While the nine dots grid provides a level of security for devices, they might not be the best way to secure your phone. Most people tend to choose a short and easy pattern that's not hard to guess. And even if the pattern is more complex, your finger can leave oil traces on the screen giving away your passcode.
With pin codes, the level of security is even lower as most chosen pins are birth dates or other easy to guess combinations.
So we can resort to more advanced authentication methods to better secure our phones and tablets.
Facial recognition is an authentication method that was introduced in 2011 with the release of Google's Ice Cream Sandwich Android. Even though facial recognition has an 8-year history, it recently started to take off because of the advancement of technology and the decrease in limitations.
Our phone cameras are now able to identify a person in order to perform specific activities such as unlocking smartphones or making online payments which makes it a convenient choice.
But facial recognition authentication also raises some privacy and security concerns.
How facial recognition works
Facial recognition helps verify someone's identity by using biometrics to map facial features from videos or photos and matching them with a database of known faces.
The process, easily explained, starts with a picture of your face taken from a video or photo. The software maps the geometry of your face, considering key factors such as the distance between your eyes. It also identifies facial landmarks to localize specific regions on the face (eyes, mouth, nose, etc.) creating your facial signature. This signature is then compared to the facial recognition system database to see if it's a match.
Advantages of facial recognition
Comfort and security
Maybe the most important advantage of facial recognition software is that it provides an easy way for users to verify their identities across devices and the internet.
Not only facial recognition is used as an authentication method on smartphones, but it also has uses in verifying identities for online shopping sessions, banking transactions, and logging in different accounts.
Even though at this time facial recognition software still has some limitations, in time, the technology will be able to distinguish our identities with complete accuracy. This will take us to a world where keys, tickets, and even passports will be long forgotten. Moreover, facial recognition could become the primary way of verifying our identities across the internet, saying goodbye to multiple passwords and account credentials.
Identifying and recovering
Search and rescue efforts are extremely important when it comes to calamities, such as earthquakes. Facial recognition technology in conjunction with search tools (such as Google Person Finder) can help identify missing people bring them together with family and friends.
The Department of Homeland Security's Science and Technology Directorate is developing facial recognition algorithms to help rescue victims of child exploitation. The aim is to help investigators quickly locate both the victims and the criminals.
And facial recognition doesn't stop at identifying people. PetRescue is an Australian organization that uses facial recognition to find a home for rescued dogs. Their technology uses AI to analyze dog photos on Instagram and finding alike dogs available for adoption.
Problems with facial recognition
Facial recognition security
As expected, hackers are looking for ways to copy users' faces in order to get past by facial recognition software. Still, facial recognition technology has been proven to be harder to be fooled than fingerprint or voice recognition.
For example, German hackers managed to fool the iris recognition feature on Galaxy S8 smartphone by only using a photo of the owner and a contact lens to match the curvature of the eye. The facial recognition feature on Galaxy S8 was also known to be bypassed by simply using a photo of the owner. These occurred in 2017 when the smartphone was first launched but the newest smartphones still remain vulnerable to being fooled by simple tricks.
The facial recognition system on the Galaxy S10 still remains as weak as its previous versions. Lewis Hilsenteger showed on his YouTube channel how he's been able to trick the facial recognition system into unlocking the device by placing a video in front of the camera.
To put a bit into perspective how secure the facial recognition software is for protecting smartphones, a non-profit Dutch organization has tested 110 smartphones. Holding a photo of the owner was enough to unlock 42 of the tested phones. Apple still manages to hold its reputation intact with the Face ID facial recognition feature which seems to be almost impossible to hack because of the implementation of different technology.
Data Breaches
Not only facial recognition software can be fooled and hacked, but there's also the vulnerability of data breaches because of the use of databases.
This raises great concern for users' online privacy.
There are so many data breaches going on in the digital world, meaning that our private information we share with third parties is always at the risk of being shared, including our facial identity due to the databases of facial recognition technology.
And this is not all. Companies can also sell information to advertising companies or other third-party bidders.
Identity theft
When we use facial recognition authentication on our devices, we must be aware that all devices are susceptible to online threats. Especially nowadays when IoT devices are increasingly used.
When it comes to identity theft through biometrics, things get uglier. If you get your credit card stolen, you can easily request your bank to block your account and get a new credit card. But with biometrics, you can't get a new face to solve the problem.
Online Stalking
The facial recognition software can also be used to track down people, which may pose a risk for your privacy.
For example, someone can take a photo of you on the street and then use facial recognition technology to find out who you are.
This technology also makes it easy for the government to track down your every step. They can find out where you are and what you do at any time if there's a camera around to analyze your face. This ability to recognize folks on the street can turn to have good uses. For example, in Shenzhen, the police uses facial recognition software to identify pedestrians who don't follow traffic laws. But the thought of someone being able to identify you wherever you go is not so great for living a private and free life.
Identifying flaws
For now, the facial recognition technology is not one hundred percent accurate.
For example, the amazon's Face Rekognition software incorrectly identified 28 members of Congress as criminals.
This can turn to be dangerous as law enforcement is using facial recognition technology to identify someone who committed a crime. What if someone steals a car and the software matches you as the suspect?
Can facial recognition be hacked?
On many Android phones, the facial recognition software can be bypassed by only using a photo or a video of the phone's owner. On Apple devices, on the other hand, the facial recognition feature has turned to be almost impossible to hack because it also uses the infrared camera to figure out if there's a real person in front of the camera.
Conclusion
Facial recognition authentication provides unique benefits and an easy way for users to secure their smartphones and online payments. Still, there are also significant concerns that should be taken into account.
- Fooling the system - The facial recognition feature can be fooled on many Android devices by using a photo of the phone's owner.
- Security - Your facial signature can be stored by companies and hackers could steal this data.
- Online stalking - Someone can take a picture of you on the street and use facial recognition software to find out who you are.
- Infringing freedom rights - The government can use facial recognition to track down where you are and what you do which results in a not so private life.
The best practice for securing your phone is to use one type of biometrics authentication along with another form of security.
Even though the facial recognition technology still has vulnerabilities and can be bypassed on many Android devices, the future of the technology seems to be exciting and will probably have a lot more uses in the future to simplify the way we verify our identities in the digital world.