3D Printed Masks are Fooling Facial Recognition on Alipay and WeChat Pay
Kneron fooled banks, airports and border controls in tests of its printed masks, before trying out more familiar prey: China’s giant payment players, Alipay and WeChat Pay. This showed up the flaws in their supposedly ‘infallible’ systems.
Facial recognition technology has brought great convenience to people’s lives and has also played an active role in finding missing people –and rescue, security, detection and anti-terrorism. Meanwhile, the public concerns over infringing privacy and leaking personal information have never ceased. However, the concerns haven’t fix everything and new questions are starting to appear.
According to Fortune, a US-based AI solution provider, Kneron, fooled facial payment devices run by two payment juggernauts in China -- Alipay and WeChat Pay (also known as Tenpay). Moreover, they also duped facial recognition systems at border crossings in China and at Amsterdam’s Schipol Airport.
This shows the threat to the privacy of users with sub-par facial recognition that is masquerading as AI. Technology is available to fix these issues, but firms have not upgraded it. They are taking shortcuts at the expense of security.
-- Kneron’s CEO, Albert Liu
AliPay and WeChat pay responded to the news on December 18. Alipay stated that it had previously tried to contact Kneron for detailed information, but the company removed the video without providing more information; WeChat stated that it had adopted several technologies to defend against the video, photo, and mask attacks. Meanwhile, both Alipay and WeChat Pay have announced that if face-to-face payments have resulted in unauthorized use, users can apply for full compensation.
At present, face recognition technology in the computer vision sector can be divided into two categories: 2D-based images and 3D-based images. Alipay and WeChat Pay both adopt the highest-level 3D facial recognition technology. However, the weak responses of the two to this crisis implies a loose grip on the technology as a whole.
Even though the facial payment tablets of Alipay and WeChat Pay are safe, with more startups and companies deploying facial recognition technology and collecting user data, how can we be sure that they are legit?
The four major players in China’s computer vision markets are SenseTime, Megvii, Yitu and Cloudbotics. Previously, due to insufficient technological innovation, limited promotion and high cost, computer vision – especially facial recognition – has been constrained in public use and has not been deployed into a broader range of commercial applications.
However, as the application of facial recognition has expanded from security and public places such as communities, streets, subways, office buildings and shopping malls to an ‘omnichannel’ model. Smartphone manufacturers and payment companies, entertainment apps, online education and even school classrooms can collect all the facial data standing on their hands.
Now the rapid rise of these emerging technology companies is the result of the rapid expansion of the technology, moving from the public domain to the consumer domain.
Kneron’s test shows us the risk of financial fraud and personal identity embezzlement. Nevertheless, other mobile apps users and students in the classroom may face more precipitous situation than Alipay and WeChat Pay customers. Apart from a self-protective awareness (or is this vulnerable and useless already?) we can hardly trust the self-ethical restraint of emerging computer vision companies in the face of commercial interests.