Facial Recognition Software Creates Vulnerabilities in Mobile Banking Apps
Two recent studies have revealed potential vulnerabilities in facial recognition software. Researchers have been able to trick phones with fake photos to log into mobile apps, which could be particularly dangerous for the mobile banking industry.
The first study, published on Wired, was conducted at the University of North Carolina. Researchers created 3D facial models based on photos from the Internet. With the help of virtual reality software, they were able to create believable motion in the models that passed a smartphone’s biometric system.
While this may seem like an elaborate way to hack into someone’s phone, and subsequently a mobile bank account, it does show that even sophisticated facial recognition software is not enough to prevent hackers from getting what they want. As long as they can pull your features from posts on social media, they have the potential to get into your smart devices.
The other study, published on Business Insider, explored the use of Apple’s “Live Photos” feature as a way to get into mobile banking apps. The fintech company 11:FS was able to log into two separate mobile banking apps by using a Live Photo on another device. The Live Photos feature captures the movements that biometric systems typically check for, such as blinking and slight head motions. While still photos may not be enough to get into the apps, Live Photos on iPhones are, at least in some cases.
Meagan Johnson, director of research at 11:FS, explained the study as follows: “What you have to do is log in using biometrics. Once you log in to the secure site on the app, just blink a few times and it records you blinking. We got a picture of me blinking which then was a Live Photo. We pressed down on the Live Photo facing my phone with the facial recognition screen open. After five seconds it picked it up and it logged us straight into the app.”