Posted by Sheila Shayon on July 3, 2012 11:01 AM
With facial recognition technology all the rage, it’s fitting, in an eponymous way that Facebook is advancing the art with its recent acquisition of Face.com for the startup's Klik, a recently updated app that makes tagging friends in photos that much easier.
But no sooner was the deal done than vulnerability in the app was discovered that allowed users to access each others' Facebook and Twitter accounts. Now corrected, it resulted from Face.com storing Facebook and Twitter OAuth tokens, unique authentication keys, on its servers insecurely, said Ashkan Soltani, an independent security researcher who reportedly discovered the breach and posted the story here.
The incident highlights growing concerns about privacy issues associated with facial recognition technologies, including accessibility to private photos, friend lists, or bogus status updates and tweets posted via user’s names.
According to PCworld.com, “An attacker could hijack a popular user's account ‚ like Lady Gaga's, had she used KLIK — and build face prints for their millions of Facebook friends. Then they could match those in real time to people walking down the street."
Solutions to mitigate the invasive powers of facial recognition technologies range from policy proposals to counter-apps such as FaceLock for Apps. “The free version allows users to lock Settings, Play Store, Task Manager, and one application of choice. While this is by no means a way of completely securing your device, it’s a pretty cool way of preventing access to specific device features.
“Once the app is trained to recognize your face, any protected app will automatically initiate your front facing camera (which is a requirement for this app, for obvious reasons). Should your face not be recognised, it will ask you for the pin/password you set as a failsafe.”Continue reading...