At the Security Research Event 2025, our partner the Austrian Institute of Technology presented a demo allowing visitors to morph their face with any images in our dataset and put it through our detector. But what is morphing attack detection and what role does it play in SafeTravellers?
Facial recognition systems have become a cornerstone of modern border security and automated passport control. As part of ePassport systems, biometric face images are typically captured during the application process and later matched at border checkpoints for identity verification. However, these systems remain vulnerable to some insidious threats, such as face morphing attacks. In a morphing attack, an adversary creates a synthetic image that blends the facial features of two individuals. If successfully enrolled in a passport database, this morphed image may allow both individuals to pass identity checks using the same travel document. This vulnerability stems from the fact that face recognition systems typically accept a certain degree of intra-class variation, which is what enables robustness to pose, lighting, and expression. Unfortunately, this tolerance can also cause systems to accept morphed images as valid representations of both source identities, thus undermining the integrity of biometric authentication.
Morphing attacks typically exploit the passport application process, especially in systems that allow photo submission by the applicant. An attacker may create a morph between themselves and a target accomplice, then submit the morphed image during enrolment. Once the passport is issued based on this image, both the attacker and the accomplice may be able to impersonate one another at border checks. At the border control stage, a successful attack occurs if the live image of either conspirator closely matches the morphed image in the passport chip, allowing them to falsely verify as the legitimate passport holder.
The potential threat has been recognized by international authorities, including Frontex (the European Border and Coast Guard Agency) and ICAO (International Civil Aviation Organization). There is at least one reported case of a morphing attack at passport issuance. A Dutch citizen (born in Afghanistan) successfully applied for a Dutch passport with a morphed image provided by an asylum seeker from Afghanistan. Furthermore, several academic studies and internal evaluations by border agencies have demonstrated the feasibility of morphing attacks and the inability of standard face recognition systems to detect them. For instance, in controlled evaluations, morphs have been successfully used to deceive border-style automated face verification systems. In response, agencies have begun to adopt Morphing Attack Detection (MAD) techniques as part of biometric quality control and security enhancement protocols during passport issuance and verification.
Our contribution to this project focuses on developing a module capable of detecting artifacts in passport photographs that result from the morphing process. To support this objective, we initiated a comprehensive review of the relevant literature and, in collaboration with the Project team, submitted a survey paper to IEEE on morphing attack generation and detection techniques. This review of the state of the art provides a solid foundation for the development of a detection module tailored specifically to passport face images. Furthermore, given the limited availability of publicly accessible datasets containing morphed faces, we emphasize the importance of constructing a large and diverse dataset. By incorporating a wide range of cutting-edge morphing generation techniques, we aim to ensure that the resulting detection model is both robust and generalizable.
Different approaches have been proposed to generate face morphing images, ranging from traditional image blending to more advanced techniques. However, the most prominent methods today are deep learning-based, leveraging generative models such as Generative Adversarial Networks (GANs) and diffusion models. These architectures enable the synthesis of highly realistic face morphs by learning the distribution of facial features and producing seamless blends that are difficult to detect with the naked eye.
In parallel, various techniques have been developed to detect morphing attacks. Many recent approaches are also deep learning-based, relying on convolutional or transformer architectures to capture subtle inconsistencies. Nevertheless, classic signal-processing methods continue to play an important role. Techniques such as wavelet decomposition or Fourier analysis can reveal frequency-domain anomalies and localized artifacts introduced during the morphing process, providing valuable complementary features to deep learning-based solutions.
Morphing Attack Detection in SafeTravellers
