Making Face Recognition Secure By Overcoming Liveness Detection Vulnerabilities

Share Article

Sensible Vision, with 10 million users, comments on the recent USENIX presentation about defeating face liveness technologies using Facebook photos

Even photos or video from a phone in the same light won't fool FastAccess Face Recognition

"Using Sensible Vision’s exclusive and patented recognition/authentication routines, FastAccess is far more resistant to picture and video attacks than any liveness solutions."

Sensible Vision, a leading supplier of face authentication systems for iOS, Android, Windows, and Mac, today responded to the “Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos” presentation made at the recent 25th USENIX Security Symposium. The presentation, given by Yi Xu, True Price, Jan-Michael Frahm, and Fabian Monrose of the University of North Carolina at Chapel Hill, documents the vulnerability of certain face authentication solutions. Five vendors were tested and all failed using the techniques and publicly available photos as listed in the presentation. With 10 million users, Sensible Vision’s products were not part of this presentation.

“By presenting their findings, The University of North Carolina team has done consumers and companies a great service by alerting them to a true security vulnerability. At the same time, it is possible to provide face authentication solutions that address this vulnerability while maintaining the convenience and fun that face recognition offers. Convenience, transparency, and speed are important as many people currently use little if any security to protect valuable data,” said George Brostoff, CEO of Sensible Vision.

Sensible Vision CTO Cyrus Azar added, “All Liveness Detection schemes can be defeated, don’t work under all conditions, and most require 5-12 or even more seconds to operate, minimizing or eliminating the speed benefits in biometrics. Our patented solutions address all of these known weaknesses.”

“Our approach uses something you are – your face – along with something you know – a gesture, secret shape, PIN, or even your voice or fingerprint, entered at the same time as your face is authenticated. A complete authentication takes just 1-3 seconds, making it by far the fastest method to prevent photo & video attacks. It’s also more secure, providing all the established benefits of multi-factor security without the drawbacks of complexity and time. It’s been a standard feature of our products for years and would thwart all the attacks listed in the University of North Carolina presentation.”

All liveness solutions have weakness and vulnerabilities.

The presentation states that “several features could be added to these systems to confound our approach.” They mention Light Projection, Pulse Detection, and Infrared Illumination.

“All security methods, in fact, are susceptible to being bypassed with enough time and effort,” said Brostoff. “Over the years we have tried all of these techniques. Light Projection and Pulse Detection are highly dependent on both the proper camera and ideal lighting environments. Current infrared and 3D cameras work great with flat glass displays but are just as easily spoofed due to reflective differences of other materials. Ultimately, infrared cameras fail near windows or if they are used outdoors. The sun simply overwhelms the needed infrared detail.”

All Face Authentication Solutions are NOT the Same

Using Sensible Vision’s exclusive and patented recognition/authentication routines, FastAccess is far more resistant to picture and video attacks than any liveness solutions. Before its patented, simultaneous multi-factor authentication, Sensible Vision had previously supported most of the Liveness Detection techniques being touted today. The reduced user experiences introduced by liveness detection along with the well-documented vulnerabilities led the company to patent and develop this innovative and superior multi-factor method.

Empowering the user by publishing known possible vulnerabilities

Good security software publishes known vulnerabilities and provides solutions. In the case of FastAccess, Sensible Vision documents the likely conditions under which photo access may be possible in its product Help files and FAQs, along with specific recommended solutions such as the use of simultaneous multi-factor security when an attack is likely.

A level of security no other solution offers

“Systems running FastAccess are truly more secure both because of the increased difficulty in unauthorized access and – more importantly – because it can automatically secure the desktop when the user is no longer in control of the machine,” said Azar. “This effectively prevents unauthorized access by someone simply walking up to an open computer or mobile device. Unauthorized access to an unlocked app is a very significant threat because it requires no effort, expertise or time.”

About Sensible Vision

Headquartered in Cape Coral FL, Sensible Vision Inc. (http://www.sensiblevision.com) is the leading provider of face authentication and continuous security software. Sensible Vision’s flagship product, FastAccess™ provides quick and continuous authentication and access control for computers and mobile apps. Using patented biometric facial recognition and supporting technologies, it speeds and simplifies access to the computer in a way that is economical and easy to deploy with an SDK or as a turnkey solution.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Mike James
Sensible Vision Inc.
+1 269 932-4548 Ext: 705
Email >

Ilan Shmargad
Visit website