Research on Security Vulnerabilities of Facial Recognition Technology: Starting from the Photo Hacking Incident of Fengchao Delivery Cabinets

Background and Experimental Process

In recent years, with the widespread application of facial recognition technology, various smart terminal devices have introduced this biometric identification method. The Fengchao smart delivery cabinet, as an important carrier for community logistics, has also launched a "face-scan to pick up" feature aimed at providing users with a more convenient pickup experience. However, behind this seemingly convenient function lies significant security risks.

Researchers from Class 402 Science Team at Shanghai International Studies University Xiuzhou Foreign Language School discovered serious security vulnerabilities in the facial recognition system of Fengchao delivery cabinets. Through rigorous experimental verification, they confirmed that it only takes a regular color-printed photo to successfully deceive the system and open the cabinet door. The experimental process was meticulously designed: first enabling face-scan pickup in the Fengchao mini-program; then using ordinary A4 paper to print a large headshot of the tester close to real face dimensions. In multiple repeated experiments, using photos succeeded in opening cabinets with an 80% success rate; there was only one instance where shaking caused the system to require additional input for mobile number verification.

Even more concerning is that further tests revealed that even photos taken covertly at long distances with 50x zoom could still deceive the system after similar processing. This phenomenon fully exposes fundamental flaws in current facial recognition technology used by Fengchao systems. Notably, during experiments, operators deliberately avoided live detection ranges by simply aligning printed photos with recognition areas—this simple evasion easily breached system defenses.

Technical Principle Analysis

A deep analysis reveals that this security vulnerability stems from traditional 2D image recognition systems employed by Fengchao delivery cabinets. These systems operate relatively simply: capturing flat images through standard cameras and extracting facial feature points for comparison validation. Due to their lack of depth information collection capabilities, these systems cannot distinguish between real faces and flat images fundamentally.

2D facial recognition technology mainly relies on several key steps: first capturing face regions via camera; second extracting critical features (such as inter-eye distance or nose bridge position); finally comparing extracted features against pre-stored templates in databases for similarity matching. Although this technical route is cost-effective and fast-paced computationally, it inherently lacks safety due to its reliance solely on two-dimensional images which can be easily validated through photographs or videos.

In contrast, higher-security 3D facial recognition systems adopt entirely different technological routes equipped typically with multiple sensors including infrared cameras and depth sensors among others components—for example Huawei's Mate 20 Pro uses structured light technology projecting over thirty thousand invisible light points constructing three-dimensional models while acquiring texture data through infrared imaging forming complete biometric datasets capable effectively distinguishing real faces from forged media like photographs or videos.

Industry Status Quo & Safety Risks

Currently within commercial applications regarding facial-recognition technologies exhibit clear polarization trends—on one hand consumer electronics such as smartphones widely utilize high-security level solutions achieving financial payment-grade protection standards while conversely many commercial devices including delivery cabinets continue employing outdated traditional methods creating severe safety hazards. The incident involving photographic hacking into Fengchao’s cabinet isn’t isolated; numerous fields have seen similar vulnerabilities exposed recently—a study indicated some bank ATMs’ face-recognition mechanisms could likewise be deceived utilizing high-quality imagery while certain residential intelligent access control setups share comparable defects reflecting industry-wide tendencies towards prioritizing convenience alongside cost control neglecting basic protective needs associated therein particularly alarming given social media proliferation making clear frontal user photographs readily accessible attackers need not specialized equipment merely public selfies sourced online suffice fabricate deceptive materials compounded severity arises when personal details combined (some systems necessitate mobile tail numbers supplementary verifications) potentially facilitating targeted theft activities although official responses state functionality remains under testing phases subsequently offline incidents raise profound concerns warranting reflection across entire sector . n### Technical Solutions Discussion nTo address inherent deficiencies within existing two-dimensional recognitions diverse enhancement strategies emerged throughout industry optimal resolution entails deploying authentic three-dimensional techniques wherein multi-sensor collaboration robustly defends against photographic video mask deceptions determining whether device employs genuine three-D tech involves straightforward observations assessing presence sensor holes conducting occlusion tests validating operationality respective sensors . nFor scenarios mandating continued use conventional two-D methodologies integrating liveness detection algorithms significantly boosts safeguards modern liveness detection encompasses various approaches requiring users perform random actions blinking mouth movements analyzing micro-expressions blood flow variations detecting screen reflections moiré patterns etc additionally multifactor authentication mechanisms substantially elevate overall protections combining identity verifications text codes fingerprint scanning other modalities . nFrom design perspectives applying face-recognition functionalities contexts implicating asset safeguarding should establish comprehensive risk management frameworks encompassing frequency limitations anomaly monitoring secondary validation triggers maintaining thorough operation logs ensuring traceability issues arise though measures slightly diminish seamlessness user experiences crucial securing property rights users . n### Legal & Responsibility Attribution Issues When biometric technologies suffer breaches leading losses often liability attribution becomes contentious focal point considering case if individual’s package collected unauthorized due aforementioned vulnerabilities theoretically involve multilateral responsibilities did tech providers fulfill obligations notifying about potential dangers? Did operating entities implement reasonable precautionary protocols? Was user negligent managing photographical data? nChina’s Cybersecurity Law Personal Information Protection Act stipulate explicit requirements surrounding biometrics acquisition utilization enterprises must guarantee reliability whilst fulfilling adequate risk notification duties consumer rights advocacy standpoint whenever new innovations adversely impact clientele interests operators ought bear primary accountability since laypersons unlikely foresee latent threats posed technologies involved cases reflect absence uniform standards governing novel implementations presently varying degrees adherence prevalent among firms consequently regulatory bodies expedite formulation tailored guidelines delineating necessary technical assurances corresponding differing levels risks entailed applications accordingly enhance efficacy regulations compliance improving overarching ecosystem integrity . n ### User Protective Recommendations Industry Outlook Given ongoing exposure surrounding present-day challenges pertaining effective deployment relevant safeguards average consumers may undertake proactive countermeasures cautiously activating any form identification especially financially sensitive situations bolster privacy controls social platforms minimize sharing high-resolution frontal shots periodically update passwords refrain duplicative credentials upon discovering anomalies promptly freeze implicated services retain evidence documenting events occurring thus far , looking ahead balanced interplay between accessibility robustness essential future developments around secure yet efficient implementation human-centered designs focusing optimization algorithmic enhancements amidst persistent costs related adopting advanced forms facilitate innovation without compromising core principles protecting individuals assets private information vulnerable environments both technologically administratively fostering holistic collaborative approach yield fruitful outcomes ultimately advancing utility emerging tools responsibly enhancing everyday lives stakeholders alike.