Facial recognition gives security IT a blow to the face
The merger of Face.com and Facebook was originally lauded by the software company on its blog but data security questions immediately began to arise due to privacy concerns but the fact that KLIK, Face.com's mobile app, may have come with a dirty little secret.
Biometrics technology like fingerprint readers and voice software are well-known aspects of advanced data security techniques. Following that trend in enhancing user experience and safety, Facebook recently purchased its own facial recognition software, but it may be that the social media site got more than it originally bargained for.
The merger of Face.com and Facebook was originally lauded by the software company on its blog, bringing both 'faces' together. However, data security questions immediately began to arise, not just due to privacy concerns but the fact that KLIK, Face.com's mobile app, may have come with a dirty little secret.
Peeking on privacy
The concerns surrounding facial recognition are twofold, according to the San Francisco Chronicle. First, there's the problem that different degrees of accuracy could result in false identification, and then the issue of privacy control wherein anyone can find any person in any image by face alone.
Data security fears with Face especially are bolstered by the dual acquisition by Facebook of both the company's online features and its mobile app. This software allows smartphone users to log in to social media sites, access email and various other applications using recognition software instead of a traditional password.
Wired reported recently though that KLIK has already been hijacked in the past. The magazine said researchers found a loophole in the program, designed to assist in photo uploading, which potentially let anyone hack a user's connected social networking accounts. The issue seemed to be associated with token storage, according to specialist Ashkan Soltani, the researcher who discovered the problem. Face's cloud security protocols weren't sufficient to safeguard login information saved from various other sites, allowing these values to be viewed by third parties.
Maintaining anonymity
Even though many users like uploading images with Instagram or other dedicated photo sharing networks, not everyone wants these pictures associated to their personal accounts. Wired reported this was in part due to a fear of having employers or government officials tie an identity back to a person based on facial recognition software, but the privacy issue could go a step further to turning this biometric into a data security risk.
The National Science and Technology Council, in association with the Committee on Homeland Security, investigated biometric technology and released a report specifying how in-depth and thorough these software packages have to be in order to actually provide security rather than just the facsimile of it. A variety of images from different angles as well as tokenization methods should be used in verification practices, according to a release on the technology.
Not the first
While concerns over privacy and security continue to surround Facebook, it isn't the first company to employ the biometrics technology and won't be the last. Samsung recently released its new Galaxy S III with biometric security features, and Reuters reported that Intel will debut a line of television services similar to Microsoft's Kinect that will provide advertising experiences specific to those watching.
Understanding the best way to apply this technology will keep consumers and companies safe from data breaches while better protecting business continuity. The benefits of increased data protection through facial recognition software could be enhanced with correct implementation, but considering that most Facebook users will be accessing the site and its Face software from a basic PC or smartphone, it's unlikely that federal validation protocols will be used.
Spotlight
Cloud Computing
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
- Desktop virtualization can enhance security performance
- Cybersecurity cooperation becoming military necessity
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- FBI trying to train financial execs on cyber threats
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet