Saturday, November 12, 2011

Some thoughts about biometric scanning security

There was a recent post on The Hacker News which shows that Android phones' current facial recognition security software can be fooled with a simple picture of the person's face.

However, "Burn Notice" (a show on USA) publicly outed this technique of fooling facial recognition based security systems a few seasons ago. I can't find the exact episode right now, but I remember it was during season 1 or 2. I did find a post on the "myth busters" forum which was posted 09-19-08, so it would likely be before that date during the airing of season 2.

I believe I also recall that a few years ago there was news that kids in Japan were getting alcohol from vending machines that used facial recognition software, using parents' photos, similar to this security bypass.

Either way, clearly with only 1 camera, there is no depth perception. Facial recognition security systems need to start taking this into account.

To try to prevent this type of biometric security bypass flaw, 3D perspective facial recognition needs to be used. Both hardware (2 cameras, like our eyes) and software to handle such perspective recognition would need to be enabled.
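The two-camera idea above, as an added example that is not from the original post: triangulate facial landmarks from a rectified stereo pair and reject the capture when every landmark lies on a single plane, as it does for a printed photo. The camera constants, the threshold, the function names and the landmark coordinates are all assumptions constructed for illustration.

```python
# Added example: stereo planarity check. Camera constants and the
# threshold are assumed values, not taken from any real device.
import math

FOCAL_PX = 800.0      # assumed focal length in pixels
BASELINE_MM = 60.0    # assumed distance between the two cameras
FLAT_RMS_MM = 3.0     # assumed threshold: below this the surface is a plane

def project(points_mm):
    """Constructed sample input: pixel observations (x_left, y, x_right)
    of 3D points given in the left camera's frame."""
    return [(FOCAL_PX * x / z, FOCAL_PX * y / z,
             FOCAL_PX * (x - BASELINE_MM) / z) for x, y, z in points_mm]

def triangulate(obs):
    """Recover (X, Y, Z) in mm from rectified stereo observations."""
    out = []
    for xl, y, xr in obs:
        z = FOCAL_PX * BASELINE_MM / (xl - xr)   # depth from disparity
        out.append((xl * z / FOCAL_PX, y * z / FOCAL_PX, z))
    return out

def det3(m):
    return (m[0][0] * (m[1][1] * m[2][2] - m[1][2] * m[2][1])
            - m[0][1] * (m[1][0] * m[2][2] - m[1][2] * m[2][0])
            + m[0][2] * (m[1][0] * m[2][1] - m[1][1] * m[2][0]))

def plane_rms_mm(pts):
    """Least-squares fit Z = aX + bY + c; return the RMS residual in mm."""
    rows = [(x, y, 1.0) for x, y, _ in pts]
    A = [[sum(r[i] * r[j] for r in rows) for j in range(3)] for i in range(3)]
    rhs = [sum(r[i] * p[2] for r, p in zip(rows, pts)) for i in range(3)]
    d = det3(A)
    coef = []
    for k in range(3):   # Cramer's rule on the 3x3 normal equations
        M = [[rhs[i] if j == k else A[i][j] for j in range(3)] for i in range(3)]
        coef.append(det3(M) / d)
    res = [p[2] - (coef[0] * p[0] + coef[1] * p[1] + coef[2]) for p in pts]
    return math.sqrt(sum(e * e for e in res) / len(res))

def looks_flat(obs):
    return plane_rms_mm(triangulate(obs)) < FLAT_RMS_MM

# Constructed landmarks (mm): eyes, nose tip, mouth corners, chin.
REAL_FACE = [(-32, -20, 400), (32, -20, 400), (0, 10, 372),
             (-25, 40, 395), (25, 40, 395), (0, 75, 398)]
# The same landmarks printed on a sheet tilted about the vertical axis.
PHOTO = [(x, y, 400 + 0.3 * x) for x, y, _ in REAL_FACE]
```

A planarity check only rules out flat surfaces, so it complements the second factor discussed below and does not replace it.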

For now, however, it would be good to also enable a required passphrase as an extra layer of security: something you have (your face) and something you know (the passphrase). And/or perhaps come up with a way to require another external passphrase-protected PKI (private key infrastructure), for instance on an SD card.

Or create a Bluetooth-enabled (close range) broadcast chip. You would only want it to broadcast for a couple of feet. For instance, when you click a button, you would want a few feet broadcast of the "key" (something you have), that still requires a passphrase (something you know). Perhaps a Bluetooth chip in a necklace, ring, watch, etc.

Hope someone finds the thoughts/ideas helpful,
- nairb