From 42561b9074a8a5f26d5c8100b6aa1433f1f091d7 Mon Sep 17 00:00:00 2001 From: Keith Manville Date: Tue, 1 Dec 2020 09:13:45 -0500 Subject: [PATCH] updated case study description --- pages/case-studies-page.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pages/case-studies-page.md b/pages/case-studies-page.md index e7bab45..4882fdd 100644 --- a/pages/case-studies-page.md +++ b/pages/case-studies-page.md @@ -235,9 +235,10 @@ Research and work by Adi Ashkenazy, Shahar Zini, and SkyLight Cyber team. Notifi **Summary of Incident:** This type of attack can break through the traditional live detection model and cause the misuse of face recognition. **Mapping to Adversarial Threat Matrix:** -- The attackers bought customized low-end mobile phones, customized android ROMs, specific “virtual camera app”, identity information and face photos. -- The attackers used a software to turn static photos into videos, such as eyes blinking. Then the attackers use the purchased low-end mobile phone to open the “virtual camera APP”, and import the video into this app. -- The attacker registered an account with the victim's identity information. And in the verification phase, the face recognition system called the camera API, but because the system was hooked or rooted, the video stream given to the face recognition system was actually provided by the virtual camera APP. Then the attacker successfully impersonated the victim's account +- The attackers bought customized low-end mobile phones, customized android ROMs, a specific virtual camera application, identity information and face photos. +- The attackers used software to turn static photos into videos, adding realistic effects such as blinking eyes. Then the attackers use the purchased low-end mobile phone to import the generated video into the virtual camera app. +- The attacker registered an account with the victim's identity information. In the verification phase, the face recognition system called the camera API, but because the system was hooked or rooted, the video stream given to the face recognition system was actually provided by the virtual camera app. +- The attacker successfully evaded the face recognition system and impersonated the victim.