Briskinfosec - Your Perfect Cybersecurity Partner

Stay Connected:

The security and privacy risks of face recognition authentication | Briskinfosec

The security and privacy risks of face recognition authentication

Image

Contents:

  • Surveillance, privacy, and security
  • Introduction to Face recognition authentication
  • The major risks associated with Facial recognition authentication
  • We are in a Tomorrowland 
  • Conclusion
  • How Briskinfosec helps you?
  • Curious to read our case study?
  • Last but not the least
  • You may be interested on

Surveillance, privacy, and security

Biometric Identification has changed the way people were identified. Since the Last decade, its growth is incredible and has transformed a lot of industries from military to mobile industry. Facial recognition is one of the biometric identification types that can be easily performed without the object’s knowledge unlike retinal scans, blood samples, or fingerprints. It is a security system used to identify or verify a subject from a digital image or live footage. Also, Facial biometric recognition has become a new way to unlock the devices.

Introduction to Face recognition authentication:

Facial recognition is rapidly changing the mobile industry and even replacing the fingerprint entirely like in iPhone X model. Apple has decided to remove the Touch ID by replacing Face ID. With the launch of Face ID, Apple made face recognition as a primary method to unlock phones. From authenticating the users, the recognition is also used in the payment services. Like Apple, other manufacturers are also making similar changes including Motorola, Nokia, Samsung, and other smartphone makers. It decides our life style from travelling, shopping, and much more. Facial recognition is not only changing the mobile industry but also other fields. Its implementation is getting different based on the design, hardware, and the kind of software used like sensors, cameras, AI, and machine learning.

The major risks associated with Facial recognition authentication:

Identity theft:

The identity theft on face recognition systems is severe. If you have a sibling with more similar facial features like you, then the risk probability of unlocking your iPhone by him/her is high. Risk of spoofing others identity is much higher when monetary transactions are authenticated with biometrics.

Risks associated with storage of data:

The risk of storing biometric data is another critical issue with biometric identification. If your facial data is stored in a cloud server, third parties will be able to access it, even without your authorization. Increasing number of security attacks over the years have compromised various data like personal details, financial data, and even the passwords of millions of users. Systems containing a biometric data of employees, customers or citizens are a primary target of hackers and if the data is compromised, ends up in a loss that’s too hard to handle because biometric data of an individual can’t be changed, if compromised.

Forcing facial activation:

Let’s say if you're captured by criminals who force you to unlock your smartphone and if your phone requires passcode or pattern to unlock, they must torture you to type or spell it out. For fingerprint locks, they need to force you to press your exact finger against the sensor. However, for face recognition, they just need to hold the phone in front of your face which can be a serious risk. But some manufacturers like Apple’s Face ID uses machine learning algorithm to analyze, whether it’s an authentic attempt to unlock or not, and it won’t work if you're not awake or conscious, and when not facing your phone.

We are in a Tomorrowland:

Compared with other biometrics, facial recognition offers less protection in terms of privacy and protection level of individuals. If you care about the individual's rights and privacy, don’t ponder over it now. The changes have already begun and are happening swiftly around the world in different levels.

China:

The government is using surveillance cameras, facial recognition, AI, smart glasses and other technologies to monitor people based on their socializing manner, which leads towards both, benefit and punishment, in the society as well. China plans to give each citizen a social credit score. The score can rise or fall based on a wide range of behavioral analysis. If your score gets too low, you will be banned from buying a flight ticket, renting a house, getting high-speed internet, or even getting a loan.

With millions of surveillance cameras in China, the government can monitor or record pedestrians and their faces will be shown in the bus stops public screens. By 2020, China plans to give all of its citizens a personal score, based on how they behave.

Singapore:

GovTech, the Singapore government agency that’s in-charge of a “Lamppost-as-a-Platform” (LaaP) project is planning to implement surveillance cameras with facial recognition technology for over 100,000 lamp posts, to help authorities pick out and recognize faces in crowds across the city-state. The project is a part of Singapore’s “Smart Nation” plan to improve people’s lives. The government said that this would allow them to “perform crowd analytics” and even provide support in anti-terror operations.

Malaysia:

Malaysian airline AirAsia rolled out the FACES (Fast Airport Clearance Experience System) technology which uses facial recognition process to allow passengers to board their flights faster. This FACE program was unveiled at Senai International Airport in Johor Bahru, Malaysia. This is the first Malaysian airport to use facial recognition technology to board the passengers. As the system is still in its development stage in Malaysia, non-frequent and first-time foreign visitors to Senai Airport could have some doubts about having their personal information stored. Moreover, even they are suspicions about their data handling and how the data is being stored.

Conclusion:

Every technology has its own limitations, and facial recognition isn’t an exceptional one. Despite the risk factors associated with facial recognition, it is the future of identification and authentication practices all over the world, in which we can’t skip the changes. Surveillance, privacy, and security are the triangles which tech companies and governments are zeroing down in-order to find a reliable way to identify and monitor you.

How Briskinfosec helps you?

Well, facial recognition process isn’t an easy deed to be secured. During recognition, the device may go haywire while identifying the exact identity of the entity. Apropos of that, even the process may malfunction. To ensure the continuity of such IoT processes, a competent IOT security assessment from a reliable cybersecurity firm is mandatory. Our security professionals provide top notch security assessments of both types, static and dynamic, to all your IOT processes and assess the entire attack surfaces. Further, practical awareness on all such related issues will also be provided.

Curious to read our case study?

Our stakeholder, one of leading device provider in IOT domain, wanted us to perform a complete security assessment on all their devices. We performed both types of security assessments, static and dynamic, identified the flaws, eliminated them and have prepared that as a case study. Read it out to acknowledge in-depth.

Last but not the least:

It’s impossible to procure light in absolute darkness, unless and until you’ve got one in your own possession. Similarly, in this dark era of cyberattacks/breaches, to remain secure from them, it’s best to enlighten your minds about the various significant attacks, its possible impacts, the loopholes for them to infiltrate into your security environment, the best possible ways to obliterate them, and much more. But, all these to be searched one-by-one in search engines and websites is truly, “irritating and time-consuming”. Henceforth, we offer you a present named as Threatsploit Adversary report. It’s a single report that contains all the above ones, within just one click. Read it and you’ll surely realize the reasons in asking you to do so.

You may be interested on:

 


Add Your Comments

Name*
Email*
Your Comments*