Recently, there have been many topics related to face recognition security: according to the Nanning Evening News, a man took advantage of his ex-girlfriend's coma to unlock his girlfriend's mobile phone with his girlfriend's fingerprints, and opened her eyelids, using face recognition to transfer 154,100 yuan from the mobile phone; there was also a message spread on social media, claiming that after a WeChat user connected to his aunt's video call, there was no aunt or anyone to speak in the video, but a few minutes later, the WeChat account was stolen... Are these messages true?
Nanning Evening News report
The message "Stolen number of the video call with the aunt and uncle" was transmitted online
The Jiefang Daily and Shangguan News reporters conducted actual measurements and found that "rolling eyelids" may indeed be transferred; but the possibility of remote number theft of the video is very small.
Experiment one
Flip someone's eyelids to unlock your phone and transfer money
Result: Some Android phones succeeded, Apple phones failed.
For the news of "man turning his ex-girlfriend's eyelids to steal money", some netizens commented: Won't you wake up when you are rolled over? Judging from the news reports, the woman happened to be sick at the time, and also drank cold medicine, which did not rule out the situation that she slept more deeply. So, if you are rolled over your eyelids while you are asleep, can you unlock the mobile phone password and account password based on face recognition technology?
One of the reporter's friends took the initiative to close her eyes and pretend to be asleep and picked up her mobile phone to face, while another friend gently rolled her eyelids to try to unlock the boot. The experimental results show that this operation can indeed unlock the lock screen of some Android mobile phones and complete the transfer through the face recognition authentication of third-party payment software. The Apple phone shows that the recognition is not successful, and the booter is required to enter the unlock password.
"Roll Your Eyes" unlocks some Android phones
Interpretation: Although the lock screen of some Android phones was successfully unlocked and the transfer was completed by rolling their eyelids, this does not mean that the Android phone or related apps are not safe.
Because the basis of face recognition technology is "face". In the "rolling eyelids" experiment, the object is the user himself, if the implementation of the "rolling eyelids" action does not overly cover the face, the recognition system of the mobile phone and related Apps will work normally, so as to complete the unlocking. In layman's terms, mobile phones or related apps cannot judge whether users are actively opening their eyes for face recognition or forced to open their eyes for face recognition.
Of course, the face recognition technology used by different mobile phones is different, which will bring different unlocking effects.
For example, an important reason why Apple's mobile phone did not recognize the "face of the person whose eyelids were turned over" was that it used the 3D information of the face to identify the face. In simple terms, it is that the mobile phone will be thousands of invisible points of light projected on the face of the person, due to the different heights of different parts of the face, the reflection line of these light points can draw a three-dimensional 3D model of the face, combined with the visible light face taken by the front camera, and use the algorithm to combine the texture of the face with the 3D model, so as to get the result of "whether I use it" and "can I unlock it". When the user is rolled over, some of the projected light spots are obscured, making it difficult to build a complete 3D model of the face, which leads to the mobile phone giving a signal of unsuccessful recognition.
3D modeling simulation diagram (Source: Apple's official website)
Therefore, 3D face recognition can prevent flat paper (such as photos), videos and other facial attack methods; coupled with the number of projected light spots and combined with face texture shooting, it can better prevent the use of masks to unlock.
The face recognition technology used by mobile phones in the Android camp is not consistent, some use 3D imaging, and some use key information points to compare faces. Therefore, if the action of "rolling your eyelids" does not affect these key points, it is normal for the mobile phone to be cracked.
It can be seen that in order to prevent the "rolled eyelids transfer" in the media report, in the final analysis, it is still necessary to manage your own mobile phone.
It should be reminded that the behavior of "rolling the eyes of others to transfer money" is suspected of theft. According to the Nanning Evening News, the man who transferred his ex-girlfriend's money was sentenced to three years and six months in prison and fined 20,000 yuan for theft.
Experiment two
Unlock your phone screen with a video call
Result: All failed.
"Rolling your eyelids" can unlock some mobile phones, so can you recognize and steal a number through the face of the system through video calls?
Because Apple's mobile phone adopts 3D information verification technology, which can prevent photos, videos and other "fake faces" from being built, this experiment only tested Android phones, and it is a mobile phone that can be "unlocked by rolling your eyelids".
During the unlocking, the test phone recognized the face in the video for a long time, and finally still said "recognition failed" and failed to unlock. Similarly, various third-party payment software cannot transfer or pay by recognizing the "video face".
The face during the video call failed to unlock the phone
Interpretation: One of the keys to face recognition technology is living recognition, that is, it is a living person, not a video or photo. Therefore, the flat "fake face" and "dummy" such as photos and videos are the most basic disguises to be eliminated by face recognition technology. In this regard, the vast majority of mobile phone companies have accumulated technology, and the probability of "video unlocking" is very low.
At the same time, apps involving payment such as WeChat, Alipay, and online banking of major banks have high security requirements and usually require multi-dimensional verification, including equipment, passwords, usage environment, and usage habits. Usually, behind the "brush face login" and "brush face transfer" that people feel is the service given by the security system after comprehensive judgment of the above dimensions. In the vast majority of cases, if the user changes a mobile phone and does not pass the verification of other dimensions, it is difficult to immediately obtain the convenience of "brush face login" and "brush face transfer".
Taking WeChat as an example, if you only grasp someone else's WeChat account (WeChat ID or mobile phone number) but do not have a password, but want to get a password, then according to the official guidelines of the WeChat Security Center, there are three ways: the bound mobile phone number + SMS verification code login; the bound QQ number + QQ password; the bound mailbox reset password. Either way, it's hard to easily get the corresponding password.
Moreover, even if you have the account number and password, if you want to log in to the WeChat account on a mobile phone that you are not using, you must "pass the customs". WeChat officially provides three ways: SMS verification, original mobile phone scan code verification, and invite friends to verify. But in the online video, the "victim's" mobile phone has been in his own hand, just a few minutes of video calls, it was stolen number, is it possible? Some technicians joke that if the video can be unlocked by stealing the number, then the high-definition video on the network can become a criminal tool, and the stars are more likely to be the target of such tactics - because their high-definition facial details and dynamic pictures frequently appear in public.
When the reporter asked for verification, he also found that the online video was full of loopholes. The videos are mostly posed. In the video, the "victim" sees that the call page has neither the object of the call, nor the mobile phone or camera, but a mess of items. In other words, the "victim" did not see the camera on the other side of the network, how did this get "stolen face"?
Another "hard injury" is that some videos seem to remind you at the end that if you encounter a stolen number, you can call the hotline "9555" to freeze online banking. However, "9555" is a blank number, and the customer service hotlines of different banks are not consistent, and there is no universal telephone that can freeze all bank online banking.
How do I protect my personal account?
Although the "video theft" is not true, it is still necessary to protect personal accounts, and the following points should be noted:
1. Take care of your phone.
2. Do not click/scan links or QR codes from unknown sources at will, and avoid logging into phishing websites.
3. Do not disclose the password and SMS verification code at will. Especially in the case of receiving so-called "customer service calls" and "police calls", it is necessary to verify the authenticity with the real customer service or the police, and the real customer service and the police will not ask for passwords, SMS verification codes, etc.
4. Download the "National Anti-Fraud Center" app and register.
Transferred from: Shanghai Network Debunking Rumors (Ren Chong)
Source: People