Researchers have shown off the ability to discover personal data using simple face recognition software
A new security loophole from photographs has been identified by researchers in the United States. And this time is extremely difficult to counteract it, as it is your face.
Researchers at Carnegie Mellon University announced on Monday that they had demonstrated the ability to identify strangers and gain their personal information, even their social security numbers, by using a combination of facial recognition software and social media profiles.
The new study by Alessandro Acquisti and his research team at Carnegie Mellon will be presented later this week at the Black Hat security conference in Las Vegas.
“A person’s face is the veritable link between her offline and online identities,” said Acquisti, associate professor of information technology and public policy at the Heinz College and a Carnegie Mellon CyLab researcher. “When we share tagged photos of ourselves online, it becomes possible for others to link our face to our names in situations where we would normally expect anonymity.”
It seems that Acquisti and his research team used a combination of three technologies.
First was an “off-the-shelf face recogniser,” the second was cloud computing, and third publicly available information from social network sites. They used the social networking information to identify individuals.
“Since these technologies are also accessible by end-users, the results foreshadow a future when we all may be recognisable on the street – not just by friends or government agencies using sophisticated devices, but by anyone with a smartphone and Internet connection,” said the researchers
The team then apparently ran three experiments and developed one mobile phone application as a result.
In one experiment, Acquisti’s team identified individuals on a popular online dating site where members protect their privacy through pseudonyms. In a second experiment, they identified students walking on campus – based on their profile photos on Facebook. In a third experiment, the research team predicted personal interests, and in some cases, even the Social Security numbers of the students, beginning with only a photo of their faces.
But how exactly were the researcher able to predict people’s social security numbers from photos?
Well according to the Wall Street Journal, the way it works is this. The researchers fed a photo of someone’s face into the PittPatt face recogniser program. This programme then compared the photo to publicly available Facebook photos.
The program apparently takes less than 3 seconds to come up with 10 possible matching faces, and accompanying names. Apparently the program has a 30 percent accurate rating. The research team then used data from Facebook profiles to learn or predict possible birth dates or their places of birth.
They were then able to utilise this data, coupled with knowledge of how the American social security numbering system works, to predict the first five digits of a person’s social security number. This is the really sensitive part of a person’s social security number and they apparently were able to successfully do this 27 percent of the time.
“The seamless merging of online and offline data that face recognition and social media make possible raises the issue of what privacy will mean in an augmented reality world,” Acquisti said.
The researchers said that the uptake of cloud computing will continue to improve performance times at cheaper prices. They also said that online people-tagging and face recognition software will continue to provide more means of identification.
“Ultimately, all this access is going to force us to reconsider our notions of privacy,” Acquisti said.
Facebook of course finds itself in the middle of a controversy over the issue, when it was revealed in June that Facebook’s photo tagging suggestions feature uses facial recognition technology.
When users upload new photos, Facebook scans them with facial recognition software to match new photos to other photos a user is tagged in. Similar photos are then grouped together, with Facebook suggesting the name of the friend in photos.
Facebook admitted to its users that the feature had been enabled in the US since December 2010.
The move is of course highly controversial and Facebook is facing pressure from the Electronic Privacy Information Centre, other consumer advocates, as well as US Congress members over the issue.