Hacking Facial Recognition Systems

Facial recognition is becoming ubiquitous, but how it works is often confused with standard image classification.  In this short, high-level talk we’ll discuss how facial recognition works under the hood, why it’s different from standard image classification and what that means for both data collection and training, as well as what new potential avenues this opens for attack.  We combine this with some examples of hands-on attacks against a collection of pretrained models, as well as a workshop in the wind-down session that will give participants hands-on experience with facial recognition technology, including 1) a clearer understanding of the individual components that go into a facial recognition system, with an eye to identifying potential vulnerabilities and weaknesses in them, 2) an opportunity to examine and construct simple white box “in silico” attacks against a pre-trained system, and 3) an opportunity to experiment in real time with a ‘live’ facial detection/alignment/identification system.