A Chinese team called RealAI recently used a pair of glasses to break the face recognition of 19 Android phones and a dozen apps through an adversarial example attack.
The team, born from Tsinghua University's Institute of Artificial Intelligence, generated an interference pattern of the eyes through an algorithm after getting a photo of the targeted person. Testers will print the pattern, cut out and paste it to the frame, put on the glasses, and face the phone to complete the crack.
RealAI selected 20 cell phones for testing, except for one iPhone 11, the Android phones were cracked within 15 minutes.
The 19 phones covered the top five Chinese phone brands, from low-end models to flagship models. One of them is the latest flagship model released in December last year.
In addition to cracking the cell phone facial unlocking system, RealAI also passed the face recognition authentication of some government and financial apps through adversarial example attack, and even impersonated the owner and completed the bank account opening online.
Although it is difficult to develop the core algorithm, if a hacker maliciously open-sources this algorithm, it will greatly reduce the difficulty of cracking it, RealAI said.
The researchers suggest that face recognition applications could add modules that examine adversarial examples in the authentication process to guard against such risks.