October 28, 2015

How easy is it for hackers to steal your face?


Cybercriminals hunt for data of all kinds: personal details, photos, videos and even ways that users interact with others; this data is often stolen from social networks. Stolen data is often posted elsewhere online to be sold to other criminals looking to make a profit.

With that said, a digital ID is made up of much more than social media accounts. As technology continues to advance, so does the number of components of our online identity that can be stolen or forged.

Face off

It’s already possible to put on the face of another person during a video call. With the correct approach it can look so realistic that you’d hardly distinguish between the forgery and a real person.

In 2011 there was an app that could overlay a face from a photo onto a moving face in a video, dynamically, in real time. Have you ever dreamt of Angelina Jolie’s lips or Brad Pitt’s face? No need for Photoshop here, just a creepy app.

Of course, in 2011 the algorithm was imperfect. Four years on, Facebook Oculus Rift developers and researchers at the University of Southern California demonstrated a way to track the facial expressions of someone wearing a virtual-reality headset and transfer them to a virtual character. That could be used in online games and more. Just imagine how tough Warcraft or other massively multiplayer online role-playing game (MMORPG) characters would look with your glowering expression! Sounds interesting.

It was clear that people would also be able to exchange facial gestures in video chat. Recently researchers from Stanford presented a solution for this.

Sounds great, but as usual, every new development can be used for good and for evil: to deceive, defraud and profit illegally. And be sure, cybercriminals are very creative when it comes to exploiting technology to make money.

InVulnerable biometrics

Currently people use their fingerprints to enter gyms belonging to the popular American fitness center chain 24 Hour Fitness. Patients of New York University medical center show their palms instead of their insurance cards, as the PatientSecure system scans the unique vein patterns in their hands.

But let’s look at the situation in a different way. We use passwords to access Internet services. When a password is compromised, you can easily change it. Speaking of plastic credit cards, they can be quickly substituted as well — in a week or two — if they are lost or stolen.

Imagine that you use parts of your body for identification, such as fingerprints or iris scans. Can you make new body parts if cybercriminals make copies of the old ones?

Victims of identity theft can wait from three to five years before the problem is fixed.

There are instances where one cannot wait that long. Research has shown that it is feasible to fake DNA; imagine if that were planted at a crime scene.

Can we fake it?

As it turns out, it’s not that hard to compromise another person’s biometrics, such as fingerprints and iris scans. The worst part is that one can do it remotely. German biometrics specialist Jan Krissler, who rose to fame after hacking Apple’s TouchID, recently discovered how to copy iris patterns and fingerprints from high-resolution photos.

Krissler extracted the iris data of German chancellor Angela Merkel, using a photo taken at a press conference. A criminal can do the same with a magazine image. He also confirmed that one could print the data onto a contact lens and use it to defraud an iris scan system.

Forging fingerprints is just as easy. For example, Krissler did it with a common SLR camera and a 200mm lens. With a photo of the victim’s hand, criminals can make a dummy and pass the fingerprint scanner just as easily.

Biometrics still has room for improvement. We should not implement new technologies without specific protection systems that will guard people’s personal data. Otherwise there will be failures, and investigative research into hacking the technology; we’ll be sure to tell you about them. For now we highly recommend that you stay vigilant and protect important data with the old-fashioned password and two-factor authentication.