Sellers offer a way to beat facial recognition in China
Vendors on Alibaba sites Taobao and Xianyu animate still images of faces to help people create fake dating profiles
Facial recognition is everywhere in China these days. Even China’s most popular dating app, a Tinder-like service called Tantan, only allows someone to become a verified user by letting the app scan their face, matching it with the person’s profile picture.
But one Chinese news outlet has found there’s a way to cheat the system. Or at least that’s what Taobao sellers are promising.
(Abacus is a unit of the South China Morning Post, which is owned by Alibaba, the operator of Taobao and Xianyu.)
The services use software to animate still images of faces, with the resulting video being used to pass apps’ facial recognition, which usually require users to blink or move their heads, proving they’re not just a still image.
The services are aimed at scammers on Tantan, the report says. Scammers reportedly create fake dating profiles to trick users into buying fake products, lotteries or stocks. And some even promote prostitution with fake profiles of women.
People looking to use these services have to provide the vendors with the profile pictures they want to use and the account login details. The vendors will then verify the users’ Tantan account, according to The Beijing News. One of the organization’s reporters successfully became a verified user with pictures of Chinese actor Wen Zhang.
When I reached out to one of these vendors on Taobao, I was asked to talk to them on WeChat. The Beijing News reported this is a common way of trying to avoid scrutiny on Taobao. The vendor then sent me a video showing what their software does… and the effect is surreal.
According to media reports, one piece of software vendors use to achieve this is Crazytalk, a program from US-based Reallusion that animates images of faces or uses them to generate a 3D talking head. So I downloaded the software and gave it a try myself.
I asked the vendor whether the facial recognition works by playing the video in front of a smartphone, and the vendor said yes. But it didn’t work when I tried it for myself.
I created a Tantan profile and picked a profile picture from ThisPersonDoesNotExist.com, a site that uses AI to generate fake human faces. Then I used Crazytalk to add motion to the face. I recorded the animated face in a video and played it back to the Tantan app, but I didn’t pass the verification.
We reached out to Tantan with questions about its facial verification system, but we didn’t get a response.
Crazytalk is only one option for this kind of software. While media reports suggest its popular among vendors, it’s not clear exactly what software they use or how they use it to pass verification. On a page for Crazytalk on Baidu’s forum site Tieba, users request and post tutorials on how to spoof facial verification systems.
We reached out to Alibaba about these vendors on its ecommerce platforms, but the company did not respond. By the time of publication, though, the listings providing facial verification services for Tantan had disappeared.
But similar services are still available on Xianyu. The listings can even be found on Taobao, where searching “passing app’s facial verification” shows more than a dozen Xianyu listings. Some of them, like the vendors mentioned above, say they can verify accounts for you, while others sell tutorials. Many of them claim that their services work on multiple apps.
This kind of spoofing isn’t new. In March 2017, an annual consumer rights show from Chinese state broadcaster CCTV had an expert from 360 Artificial Intelligence Institute demonstrate a similar attack on stage. The expert said companies hadn’t paid enough attention to liveness detection, a method of ensuring that the system is looking at a real live human’s face instead of a digital reproduction. Every year, the show names and shames companies for malpractice, which has led to apologies from major domestic and foreign companies like Volkswagen and McDonald’s.
No companies were called out in this segment on spoofing facial recognition. But China’s leading mobile payment app Alipay, which has been promoting its facial recognition payment function, published a statement on Weibo saying that facial recognition is just one part of its system for protecting user accounts. The company added that it will fully compensate users if their accounts are stolen by strangers through facial recognition.
Alipay says on its website that the company uses passive liveness detection. We asked Alipay owner and Alibaba affiliate Ant Financial for more information about how it works, but the company declined to comment.