Visual biometrics technology has met its match—a concerted global effort is needed to fix the vulnerabilities fast

Ever heard of ‘model hacking’? It has just been used to bypass a facial recognition system by making the security system think it ‘sees’ an entirely different person. 

Look carefully at the four images below; can you spot which of these are fake and which are real?

The answer may surprise you: all four images are completely fake. They are 100% computer-generated, and not just parts of different people creatively superimposed. Using such images with model hacking to fool facial recognition systems is no longer just a concept.

Model hacking, sometimes known as “Adversarial Machine Learning” (AML), is the study and design of adversarial attacks targeting AI learning models. In the feedback-learning loop of AI, the model is continuously or periodically trained to understand new threats and to ensure that it can defend against evolving and current attacks.

It all started when cybersecurity solutions firm McAfee investigated facial recognition technology, looking at how challenging it might be for an individual to bypass a modern facial recognition system. The firm then designed and built a state-of-the-art facial recognition system closely reflecting the types of airport passport verification systems deployed in the real world. 

Ultimately, McAfee hackers were able to “model hack” the facial recognition system, causing it to misclassify an individual as a completely different person while maintaining the photorealistic appearance of the original individual. 

Implications of model hacking

As is the case with many technologies, by developing facial recognition further, the industry is also further developing a possible attack vector, so identifying and mitigating security issues proactively is imperative. In addition:

  • The findings signify an opportunity for partnership between the threat research community, developers, and vendors to look deeply into facial recognition technology, generate awareness about the security flaws, and build systems that are hardened to these types of attacks. 
  • This research can further the conversation around security concerns inherent to applications of machine learning. While data science brings incredible opportunity for advancements, it is imperative to be proactive about the security concerns that accompany it.

Read more about the mechanics of AML to understand why McAfee has launched a call to action to enhance facial recognition security.