Face recognition is increasingly popular in mobile apps, especially for critical tasks like opening a bank account. To prevent identity spoof using injected images, liveness detection is crucial. This is particularly important due to the widespread availability of stolen identity documents and selfies on the black market.
While many researchers have studied deepfake or presentation attacks that target machine learning models, few have addressed the protocol design or implementation issues in face recognition systems that can enable low-cost and easy-to-scale attacks. Starting from several real-world incidents of non-deepfake attacks, we will delve into the technical aspect of mobile face recognition spoofing. Our analysis of 18 mobile face recognition libraries, including those from industry leaders, reveals their security flaws that can result in liveness detection bypasses....
By: Wing Cheong Lau , Kaixuan Luo , Xianbo Wang
Full Abstract and Presentation Materials: www.blackhat.c...