[peteretep]

> That Can Bypass Over 40% Of Facial ID Authentication Systems

Turns out to actually mean "three CNN-based face descriptors: SphereFace, FaceNet and Dlib", which best I can tell are two academic projects and an open-source library.

By far the largest deployed facial authentication system is of course Face ID, which this has zero/zilch/no chance at all of working against.

What a terrible, terrible headline.

[lmilcin]

So I understand the first part of your argument, and it may be very bad headline, I agree.

But to say it has no chance to work against Face ID is just saying YOU don't know how to make it work.

It is short sighted, to say it delicately.

An intelligent enough person will understand there are millions even more intelligent and highly motivated people and there is no way to be sure about what they can't do short of breaking physics laws.

[coldcode]

FaceID uses a 3d surface to identify your face. These GANs are making 2d images. Until you can make a dynamic controllable 3d surface and generate the faces in 3d you have no hope of defeating FaceID.

[MillenialMan]

Is this true? I would have thought all you would need is to give it an input that maps to a 3d surface that's adversarial. There's an extra step in the pre-prep pipeline, but the basic technique is the same - gradient descent on inputs until you derive those that are sufficiently adversarial.

All neural nets are vulnerable to adversarial examples. It's a fundamental property they hold, because they're essentially stacked linear models. So (for example) they get more confident about their predictions when given a sufficiently out-of-domain input - adversarial training is essentially just finding paths that trigger an out-of-domain response.

I don't see how an additional transformation before input precludes that.

[e_proxus]

Unless you can either produce the correct 3D surface itself or fool the sensors somehow I don’t see how the inner implementation matters.

Or do you mean attacking the inner network somehow from inside the system?

[MillenialMan]

I mean you train your network to produce images that translate into adversarial 3d surfaces.

You don't need to produce the correct 3d surface if the surface recogniser is neural - you just need to produce a 3d surface that's adversarial. The adversarial surface could be completely unrealistic, like these adversarial images. (Although the adversarial generator could also be trained with "realism" as a constraint.)

Are they able to detect depth independent of the surface of a presented image? That would make it harder, but the point of failure then is just figuring out a way to dynamically fool them. I wouldn't be confident saying that's impossible.

[pricecomstock]

Yes, FaceID uses actual depth/distance data by projecting IR dots during scanning. So you would either need to very precisely mock these somehow, or create an actual 3D surface.

https://support.apple.com/en-us/HT208108

[e_proxus]

Yes, Face ID uses infrared depth sensors so it shouldn’t be possible to use just a printed image. You might be able to fool it with by printing with some strange material that fools them, but I don’t see the point with coming up with such an advanced technique. Then you might as well just print a 3D model.

[netr0ute]

You don't know that there won't soon be a GAN-controlled animatronic face coming.

[lmilcin]

We are cheating our eyes and brains with 3D goggles.

Don't you think you are too enthusiastic saying 3D facial authentication cannot be fooled?

It is basically an exercise in projecting right image, something that already a large number of people are working on.

[skoskie]

> Don't you think you are too enthusiastic saying 3D facial authentication cannot be fooled?

That is not what was said. The commenter stated that THIS 2D GAN method has no chance against FaceID, and if you understand the way FaceID works you would understand they are absolutely correct.

FaceID shines dots on the user’s face and measures the distortion of those dots across the facial topology. Using this method on a 2D surface will result in no distortion, and therefore fail.

[rusticpenn]

There is a huge advantage in getting better patterns when you get to use depth data ( like face id does).

[lmilcin]

The question is not whether you get advantage, but whether it makes it impossible to break.

I am responding to this comment:

"By far the largest deployed facial authentication system is of course Face ID, which this has zero/zilch/no chance at all of working against."

"zero", "zilch", "no chance" -- suggest overconfidence to me. This is not healthy when discussing any authentication system and especially one based on trained model where we don't exactly understand relation between input and output.

[rusticpenn]

It doesn't have to be impossible, It has to be harder than a complex password.

[MathYouF]

The model doesn't even output the data in the correct format, rgbdit (depth, infrared, time).

So his statement is entirely correct. This model has absolutely no chance of fooling the current most popular facial detection system.

It creates a key that doesn't even fit in the lock, much less have the correct pin heights.

If your point is that this approach and architecture might contribute to a model that can beat FaceID, that's entirely valid to say as well.

[ericbarrett]

Read Apple’s public docs; it wouldn’t be so simple: https://support.apple.com/en-us/HT208108

[diegoperini]

So the mentioned 40% is a lie? Otherwise the headline seems accurate.

[peteretep]

Also the description "facial ID authentication systems". An accurate headline would be "we were able to confuse some open-source face recognition systems"

[wishawa]

They're beating facial recognition systems, not facial authentication systems.

[lmilcin]

It is practically the same assuming the output from facial recognition is then fed as input to authentication.

[webmaven]

That's a false assumption. 2D facial recognition isn't an input to 3D facial authentication.

[lmilcin]

We are cheating our eyes and brains with 3D goggles.

Don't you think you are too enthusiastic saying 3D facial authentication cannot be fooled?

[webmaven]

> Don't you think you are too enthusiastic saying 3D facial authentication cannot be fooled?

Where did I say that?

[make3]

do you know how face id works? or this is just a.. gut feeling