In Accessorize to a Crime: Real and Stealthy Attacks on
State-of-the-Art Face Recognition, researchers from Carnegie-Mellon and UNC showed how they could fool industrial-strength facial recognition systems (including Alibaba's "smile to pay" transaction system) by printing wide, flat glasses frames with elements of other peoples' faces with "up to 100% success."
The glasses cost $0.22/pair.
As the software learns what a face looks like, it leans heavily on certain details—like the shape of the nose and eyebrows. The Carnegie Mellon glasses don't just cover those facial features, but instead are printed with a pattern that is perceived by the computer as facial details of another person.In a test where researchers built a state-of-the-art facial recognition system, a white male test subject wearing the glasses appeared as actress Milla Jovovich with 87.87% accuracy. An Asian female wearing the glasses tricked the algorithm into seeing a Middle Eastern man with the same accuracy. Other notable figures whose faces were stolen include Carson Daly, Colin Powell, and John Malkovich. Researchers used about 40 images of each person to generate the glasses used to identify as them.
Accessorize to a Crime: Real and Stealthy Attacks on
State-of-the-Art Face Recognition [Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer and Michael K. Reiter/23rd ACM Conference on Computer and Communications Security]
All it takes to steal your face is a special pair of glasses
[Dave Gershgorn/Quartz]
(via Parker Higgins)
