How Cybercriminals Bypass Facial Recognition and What You Can Do

In recent years, technologies such as artificial intelligence, machine vision, and big data have advanced rapidly.

While facial recognition streamlines tasks in finance, security, and everyday life, its rapid integration across sectors such as transportation, building management, retail, advertising, smart devices, education, healthcare, and entertainment raises critical security concerns. The convenience it offers comes with the risk of exposing sensitive data, which can lead to identity theft.

*Examples of Facial Recognition Technology

Security Incident Involving Facial Recognition

The accompanying security risks have also sparked considerable controversy.

A recent security incident involving facial recognition technology, noted by one source, has raised significant concerns about data privacy and security. An iOS Trojan, identified by cybersecurity experts, has been actively harvesting facial recognition data from infected devices. This malicious software infiltrates the system and captures sensitive biometric information without the user's knowledge. The stolen data could potentially be used for identity theft, financial fraud, or unauthorized surveillance. The incident underscores the urgent need for robust security measures against such sophisticated threats and highlights that vulnerabilities exist even within advanced systems like iOS.

Common Facial Recognition Attack Methods

Cybercriminals can employ various techniques to bypass facial recognition systems.

1. Physical Bypass Attacks

Using methods such as photos and video playback, cybercriminals present forged input to the camera and trick the target App into collecting forged data. Let's have a look at how cybercriminals bypass face verification.

  • Printed Digital Photos: Cybercriminals obtain real photos of the person being impersonated and directly photograph them using the App.
  • High-Definition Video: Cybercriminals prepare a real video of the person being attacked, or a synthesized video obtained through image processing, displayed on a screen (high-definition mobile phone screen, retina high-definition, iPad screen, 4K screen, etc.) and photographed using a live App.

  • AI Face Swapping (Deepfake): Cybercriminals use AI algorithm capabilities to synthesize videos/images of the target user and inject them into the phone to replace the video, bypassing live detection.

  • T-Shaped Glasses: Cybercriminals obtain real photos of the person being impersonated, retain the T-shaped area around the eyes, and wear them as a mask for the photo attack. This type of attack can retain a large part of the impersonated person’s facial features and adds 3D facial characteristics compared to photo and electronic screen attacks, making it a common form of attack used by the dark web to attack motion live detection.

  • 3D Masks: Cybercriminals wear a silicone and plastic mask of the person being impersonated for the photo. This type of attack poses a significant challenge to live detection due to the high fidelity of the mask. The cost of this type of attack is also the highest among all material attack types.

2. Kernel and System-Level Facial Replacement Attacks

By customizing ROMs and tampering with key hardware system libraries such as cameras, cybercriminals can make changes at the underlying code level, allowing them to fully control the way camera information is obtained.

3. App Memory Facial Data Replacement Attacks

Using various Hook mechanisms, cybercriminals can hijack image data collection, live recognition mechanisms, business logic functions, and encryption/decryption functions, replacing data or disrupting logic.

4. Traffic Layer Facial Data Replacement Attacks

Before the App transmits information to the server, the data packet is intercepted and modified to replace it with a batch of identity information and facial image information that the cybercriminal has already obtained.
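One server-side check that rejects this kind of substitution, as an added example (not from the original article and not SecIron's code): the server issues a one-time nonce per verification session and the upload must carry a MAC binding the user ID, that nonce, and the exact image bytes. The per-device HMAC key, `DEVICE_KEYS`, and all function names are assumptions for illustration; a production design would normally use a signature from a hardware-backed device key.

```python
import hashlib, hmac, json, secrets, time

# Assumption: each enrolled device holds a per-device key (ideally in a
# hardware keystore); DEVICE_KEYS and all names here are hypothetical.
DEVICE_KEYS = {"device-1": b"constructed-demo-key-not-a-real-secret"}
_challenges = {}    # nonce -> (user_id, expiry); each nonce is one-time use
CHALLENGE_TTL = 60  # seconds a challenge stays valid

def issue_challenge(user_id, now=None):
    """Server: start a face-verification session with a one-time nonce."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    _challenges[nonce] = (user_id, now + CHALLENGE_TTL)
    return nonce

def _mac(key, user_id, nonce, image):
    # Bind identity, session nonce and the exact image bytes together.
    msg = json.dumps([user_id, nonce, hashlib.sha256(image).hexdigest()]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def client_submit(device_id, user_id, nonce, image):
    """Client: package a capture for upload (stands in for the app)."""
    tag = _mac(DEVICE_KEYS[device_id], user_id, nonce, image)
    return {"device_id": device_id, "user_id": user_id,
            "nonce": nonce, "image": image, "tag": tag}

def server_verify(req, now=None):
    """Server: return (ok, reason); the nonce is consumed on first use."""
    now = time.time() if now is None else now
    entry = _challenges.pop(req["nonce"], None)
    if entry is None:
        return False, "unknown or reused nonce"
    user_id, expiry = entry
    if now > expiry:
        return False, "challenge expired"
    if user_id != req["user_id"]:
        return False, "nonce issued for a different user"
    key = DEVICE_KEYS.get(req["device_id"])
    if key is None:
        return False, "unknown device"
    expected = _mac(key, req["user_id"], req["nonce"], req["image"])
    if not hmac.compare_digest(expected, req["tag"]):
        return False, "payload modified in transit"
    return True, "ok"
```

This check only covers modification and replay between the App and the server; data replaced inside the App before the MAC is computed (the hook-based attacks in section 3) must be addressed by runtime protection on the device.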

5. Business Logic Bypass Attacks

Using the business logic related to facial recognition, cybercriminals can bypass facial recognition, such as exploiting business logic vulnerabilities, data leaks, unauthorized access, and other security risks.

6. App Repackaging

Virtual camera tools are designed to enhance the user experience by allowing real-time application of various effects and filters to the live camera feed. These tools are particularly useful for live streaming, video chatting, and recording videos with augmented visual effects. Generally, these types of applications might require repackaging or integration with existing apps to function correctly.

*How and chain of facial recognition bypass

Securing with SecIron Solution

To address the security vulnerabilities of facial recognition technology, SecIron's mobile app monitoring solution, IronSKY, safeguards users from facial recognition bypass risks. The simple, convenient, and effective deployment of IronSKY enables real-time environment analysis, establishing pre-event, in-event, and post-event security insight for the app. This allows users to be aware of potential threats during runtime and even when the app is offline. Even if a cybercriminal executes a man-in-the-middle attack, IronSKY's offline security policies remain effective. IronSKY goes beyond threat detection: it also provides insightful reporting and analysis and automatically blocks facial recognition bypass attempts.

Additionally, SecIron’s solution strengthens facial recognition security through code encryption and securing communication protocols, making it significantly harder to crack or tamper with facial data, ultimately securing the app from unauthorized access. This can be achieved via SecIron’s mobile app hardening solution, IronWALL.

End-to-end app security can be achieved by connecting security monitoring and app hardening, enabling runtime protection and real-time threat visibility.

Conclusion

As facial recognition technology continues to evolve, so too must the strategies for securing it. By prioritizing security and continuous monitoring, SecIron provides solutions that help businesses and organizations create a safer digital landscape for mobile app users.
