Executive Summary
In March 2026, cybersecurity expert Jake Moore demonstrated multiple methods to bypass facial recognition systems, highlighting significant vulnerabilities in this widely adopted technology. Utilizing modified smart glasses, Moore identified individuals in public spaces by matching their faces to online data sources in real-time. He also successfully opened a bank account using an AI-generated image, which was accepted by the bank's facial recognition and eKYC platform. Additionally, by employing real-time face swap software, Moore evaded detection by a facial recognition watchlist at a London train station. These experiments underscore the ease with which facial recognition systems can be deceived using readily available tools and techniques. The increasing reliance on facial recognition for security and authentication purposes necessitates a critical evaluation of its robustness. Moore's findings serve as a wake-up call for organizations to reassess the effectiveness of their biometric security measures and to consider implementing additional safeguards to mitigate potential exploitation.
Why This Matters Now
The proliferation of facial recognition technology in security and authentication systems is accompanied by emerging threats that exploit its vulnerabilities. Moore's demonstrations reveal that even widely trusted biometric systems can be compromised using accessible tools, emphasizing the urgent need for enhanced security protocols and continuous evaluation of biometric technologies to prevent unauthorized access and identity fraud.
Attack Path Analysis
An adversary exploited vulnerabilities in facial recognition systems to bypass authentication mechanisms, escalating privileges to access sensitive data. They moved laterally within the network, established command and control channels, exfiltrated confidential information, and caused significant operational disruption.
Kill Chain Progression
Initial Compromise
Description
The adversary exploited vulnerabilities in the facial recognition system to gain unauthorized access.
Related CVEs
CVE-2020-10847
CVSS 6.8An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed.
Affected Products:
Samsung Galaxy S8 – P(9.0)
Samsung Galaxy Note8 – P(9.0)
Exploit Status:
no public exploitCVE-2022-48356
CVSS 7.5The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.
Affected Products:
Huawei HarmonyOS – 2.0
Exploit Status:
no public exploitCVE-2022-48479
CVSS 9.8The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.
Affected Products:
Huawei HarmonyOS – 2.0
Exploit Status:
no public exploit
MITRE ATT&CK® Techniques
Multi-Factor Authentication Interception
Impersonation
Lockscreen Bypass
Abuse Elevation Control Mechanism
Valid Accounts
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Multi-Factor Authentication
Control ID: 8.3.6
NYDFS 23 NYCRR 500 – Multi-Factor Authentication
Control ID: 500.12
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Identity Verification and Authentication
Control ID: Identity Pillar
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Banking/Mortgage
Facial recognition bypass in eKYC systems enables fraudulent account creation, compromising identity verification processes and regulatory compliance requirements for financial institutions.
Law Enforcement
Real-time face swap technology defeats CCTV surveillance systems, allowing suspects to evade detection and undermining public safety monitoring capabilities.
Transportation
Airport boarding gate facial recognition vulnerabilities expose identity authentication weaknesses, creating security risks for passenger verification and travel safety protocols.
Computer/Network Security
Biometric authentication system failures reveal critical gaps in identity verification technologies, requiring enhanced security controls and adversarial testing methodologies.
Sources
- Face value: What it takes to fool facial recognitionhttps://www.welivesecurity.com/en/privacy/face-value-what-takes-fool-facial-recognition/Verified
- CISA Adds Four Known Exploited Vulnerabilities to Cataloghttps://www.cisa.gov/news-events/alerts/2024/08/21/cisa-adds-four-known-exploited-vulnerabilities-catalogVerified
- NVD - CVE-2020-10847https://nvd.nist.gov/vuln/detail/CVE-2020-10847Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the adversary's ability to exploit vulnerabilities, escalate privileges, move laterally, establish command and control channels, exfiltrate data, and cause operational disruptions.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The adversary's ability to exploit vulnerabilities in the facial recognition system may have been limited, reducing the likelihood of unauthorized access.
Control: Zero Trust Segmentation
Mitigation: The adversary's ability to escalate privileges within the system could have been constrained, limiting their access to higher-level functions.
Control: East-West Traffic Security
Mitigation: The adversary's ability to move laterally within the network may have been limited, reducing their access to additional systems and data.
Control: Multicloud Visibility & Control
Mitigation: The adversary's ability to establish command and control channels could have been constrained, limiting their persistent access.
Control: Egress Security & Policy Enforcement
Mitigation: The adversary's ability to exfiltrate sensitive data may have been limited, reducing the risk of data loss.
The adversary's ability to cause operational disruption may have been limited, reducing the impact on critical systems.
Impact at a Glance
Affected Business Functions
- Identity Verification
- Access Control Systems
Estimated downtime: N/A
Estimated loss: N/A
Potential exposure of biometric data and personal information.
Recommended Actions
Key Takeaways & Next Steps
- • Implement multi-factor authentication (MFA) to enhance identity verification processes.
- • Deploy zero trust segmentation to limit lateral movement within the network.
- • Utilize egress security and policy enforcement to monitor and control outbound traffic.
- • Establish multicloud visibility and control to detect and respond to anomalous activities.
- • Conduct regular security assessments and penetration testing to identify and remediate vulnerabilities.
