What is Image Spoofing and How to Prevent It? | EasyDMARC

What is Image Spoofing and How to Prevent It?

6 Min Read
A person's image holing some square object on a dark background,with the EasyDMARC logo on the left side

How easy it is nowadays simply look into your device and gain access!

No need to type long passwords, right? But do you think it’s a 100% foolproof method, especially when you’ve been using it for operational purposes in your company? 

No, biometrics face recognition systems are vulnerable to spoofing attacks as bad actors can use your photos and videos to bypass security parameters. There have been many instances that prove why facial recognition alone isn’t a reliable method. 

In 2020, due to many fraudulent claims of unemployment benefits, Washington state had to pause the program briefly. Spoofers stole Social Security numbers using image spoofing techniques, which led to the loss of $1.6 million. Scary, no?

But if you think it’s a modern-day technique, let us take you back to its dawn. Facial recognition was actually developed by Woody Bledsoe, Helen Chan Wolf, and Charles Bisson in the 1960s; 

However, it couldn’t be published due to internal complications. Between 1960 and 2000, it experienced progress with the contribution of multiple experts. It was in the 2000s that the US government started using facial recognition for various purposes, and further developments gave it an entry into private businesses as well.

Presently, efforts are steered in a direction to make facial recognition a 100% foolproof, but the number of image spoofing attacks is rising perpetually. What is image spoofing and how does it work, though?

If your business model relies on face recognition, we encourage you to read this blog till the end. 

What is Image Spoofing?

Image spoofing, also known as facial spoofing, is a form of cyberattack in which criminals try accessa device or system through facial biometrics. They generally use a photo or video to supersede the original owner’s identity and conduct a face spoof attack.

The techniques of face spoofing can be used for crimes linked with banking, social media, emails, and more, which can be detrimental for businesses using facial recognition to run operations. Hackers can gain access to devices and systems in which facial recognition is enabled to steal the information or send messages, emails, and similar requests in the company’s name. 

Bad actors usually target small and mid-sized businesses for spoofing face recognition crimes as they have weaker or no security systems installed on their devices. Do you know that 30% of small and medium-sized businesses running in the USA don’t have a robust system against image spoofing?

Facial Spoofing Types

Now that you know more about image spoofing, let’s jump to its types. There are two common types; 2D presentations and 3D presentations (static or dynamic).

2D Presentation Attacks

Static 2D image spoofing is done using photographs, flat paper, or masks. Whereas multiple pictures in a sequence or screen video are used for dynamic attacks.

3D Presentation Attacks

In its static form, cybercriminals use 3D pictures and sculptures. On the other hand, advanced robots are used for dynamic 3D presentation attacks.

How to Prevent Image Spoofing?

There are multiple ways to prevent image spoofing, and all of them fall under the liveness detection technique. 

What is Liveness Detection?

It basically detects if the facial biometrics are alive or replicated. The process is undertaken using computer vision technology that prevents image spoofing by barring representations like photographs, videos, or masks.

The liveness detection technique can either be active or passive. Let’s dig a bit deeper to understand each one.

  • Active Liveness: This works by checking the liveness by building communication between face recognition systems. In this interactive and efficient approach for catching a face spoof, users are required to stand in front of a camera and carry out some actions (like smiling or nodding) as guided by the system. 

In most cases, the actions are random, which means the spoofers can’t detect what comes up. This makes it challenging for them to bypass this security feature. 

  • Passive Liveness: Active liveness detection protocols may be unfit for some systems as they’re based on user interaction. In such cases, passive liveness detection comes to the rescue. 

Here, users aren’t at all aware that they’re being tested; thus, it’s a robust and foolproof way to prevent image spoofing.

Common Anti-Image Spoofing Techniques

To learn more about how to prevent image spoofing, let’s discuss liveness detection methods based on texture, color, movement, shape, or reflectance.

The natural eye blinking test is considered very accurate. A human being blinks 25-30 times in a minute, and the eyes remain shut for nearly 250 milliseconds during every blink.

New technology-based state-of-the-art cameras capture videos with minimal intervals between consecutive frames. So, the number of blinks is counted, which helps identify spoofing face recognition.

Deep Learning

This technique of preventing image spoofing uses a convolutional neural network (CNN) trained to locate the difference between real and spoofed graphics. CNN is a technique based on artificial intelligence and is meant to determine pixel data.

Challenge-Response Techniques

This method is all about validating the user’s biometrics, based on challenges like smiling. However, it demands additional inputs, which hampers the overall user experience. So, if your business model involves facial recognition and you wish to deploy this technology, it might not be fruitful.

3D Cameras

It’s concluded as one of the most reliable methods to avert face spoofing. This works by determining the pixel depth information. The pixel depth of a face differs from a flat shape, which helps in barring entry of fake representations.

Active Flash

This supports the anti-image spoofing exercise by using light reflection on a face. Low-light surroundings are used here with additional light coming from the device’s screen only. This catches fake faces as the white light gives off a reflection.

The system is trained to analyze the before and after flash versions of the face, followed by calculating the pixel depth.

Final Thoughts

The number of spoofing attacks has soared significantly after the first peak of Covid-19. In 2020, $4.1 billion was lost to bad actors, making it imperative to recognize email spoofing, DNS spoofing, IP spoofing, and other cyberattacks.

Presently, deep learning is considered the most reliable method to catch 2D and 3D presentations, and the upcoming spoofing face recognition apps and software are expected to use this only. However, there’s a need for sensible metrics creation if we want to get 100% accurate results from these software and apps.

Various authors from EasyDMARC teams have contributed to our blog during company's lifetime. This author brings everyone together.


Inline Feedbacks
View all comments

succees We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.

succees You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us