A Stanford University researcher used a generative adversarial network to exploit facial biometrics vulnerabilities in two popular dating apps.
Given the potentially very negative results possible with fraudulent data in online profiles of all kinds, there is a clear interest in detecting and starting imposters.
The goal was not simply to fool a verification custodian, but to do so with a digital photo that had been altered enough to be a qualitatively different image.
In fact, the biometric spoofing technique could have bypassed some verification software by using an image of a young man that had been altered to show a nominally female image, according to researcher Sanjana Sarda in a new preprint paper.
Sarda focused on the Bumble and Tinder apps, which require potential subscribers to take a photo of themselves using their built-in camera. This image is compared to other photographs that the person submits for upload to the account.
In the research, she was able to generate images with vectors of characteristics similar to the genuine item.
A pre-trained StyleGAN v2 model was used on the user dataset to fabricate an alternative image that was demonstrably different from the training set images. It should be noted that Sarda used images of herself rather than photos of previous models and volunteers.
Gender swapped images did not pass through verification.
It took two attempts (the second included altered lighting conditions) to bypass Bumble’s defenses. Tinder was no fool. Both, however, were beaten by images that didn’t try to portray the incorrect gender.
Biometrics vendors are working on better systems.
Startup Nametag says it can make online relationships, including dates and hookups, less strained. Executives say they can secure user accounts with real-time identity-based biometric verification.
The product is built on physical identification documents, a photograph to be compared with a government ID, information behaviors and customer consent before sharing data.
Another verification company, Sum and Substance (also trading as sumsub) claims in a blog post examining romance scams that its software can perform four important tasks on users in less than a minute: document verification, liveliness and face matching, behavioral fraud pattern detection and biometric face authentication.
biometric liveness detection | biometrics | biometric search | facial biometrics | identity verification | mobile app | NameTag | usurpation | sumsub