The Insecurity of Facial Recognition

Cyber Security Assessment

The monumental success of the semi-automated facial recognition traces its roots back in the Los Angeles County Sheriff’s Department in 1988. Detectives used composite drawings of suspects and ran them through the very first system deployed to the Lakewood Division, in hopes that the digitized mugshots in their database would reveal who their prime suspect would be.

Facial recognition technology has since evolved from helping detectives close a critical case to becoming an everyday tool for the common person. As a technological development, the impact is twofold — on one hand, facial recognition software continues to help law enforcement pinpoint suspicious or malicious persons; on the other, mass consumer availability and use could mean that anyone’s biometric information could be stolen, leaked, or compromised. In a time where personal information lies in the intricacies of a person’s face, how does one keep it safe?

How Facial Recognition Works

Facial recognition begins when meeting someone for the first time. The eyes communicate information such as eye color, nose shape, and skin color to the brain. From there, the brain then commits specific facial features to memory, putting together these individual parts to create a whole face. Later, when meeting the person again, the brain does a scan of the person’s face, and recalls these features from memory once again.

In the same way that the human brain scans a person’s face and matches it to faces it already knows and remembers, facial recognition devices conduct scans. The system records the geometry of a person’s face, identifying several facial landmarks such as the space between eyes, the distance from the forehead to chin, and the size of the ears. Each system may differ in the number of landmarks but the result is the same — a unique facial signature.

A good example of this system is Apple’s latest iPhone X. Their system makes use of 30,000 infrared dots  to create and store a 2D infrared image of the user’s face. This allows owners to unlock both the phone and its applications through the use of biometric sensors. For brick-and-mortar stores, this technology is used to scan the faces of regular customers, known shoplifters, or wanted criminals. Upscale hotels also use facial recognition to help staff greet all hotel guests by name as a way to make guests feel extra special.

Facial recognition technology has become more widespread across several different industries, and the uses cover a myriad of purposes. This opens up opportunities for hackers and cyber criminals to access and steal personal data.

Securing facial Recognition Systems

Systems are in place to protect credit card owners who may have their card stolen — they can report the theft to their local bank and have their accounts frozen to prevent any unauthorized withdrawals. However, there are no safeguards in place as of yet, where it concerns facial biometric data.  These compromised biometrics can be used for fraudulent purposes and there are no processes in place to of retrieve or locate  the data. That said since companies store such sensitive information, it is important that they are aware of their possible defenses against hackers.

Companies should Combat Cybercrime  through these tips:

  • Keep systems updated
  • Encrypt confidential communication lines and files
  • Partner with cybersecurity experts
  • Train employees on cybersecurity guidelines

While there is no known, acceptable, and lawful way for democratic governments to regulate the use of the facial recognition technology, companies can pursue best industry practices to combat this threat. In doing their part in properly securing data, these companies will not only protect the integrity of their businesses, but also be able to protect the day-to-day lives of their clients.

Talk with us

Wilson Consulting Group is a cybersecurity firm that aims to provide companies the solutions to keep their systems secure. Our Cyber Security Assessment provides a detailed evaluation of an organization’s existing security policies, procedures, controls, and mechanisms in relation to best practices and industry standards.