From 52c789fe0a92e3a3b07df71d254a7e49f6056e8e Mon Sep 17 00:00:00 2001 From: Keith Manville Date: Wed, 18 Nov 2020 09:07:28 -0500 Subject: [PATCH] added camera hijack case study --- pages/case-studies-page.md | 17 +++++++++++++++++ readme.md | 2 ++ 2 files changed, 19 insertions(+) diff --git a/pages/case-studies-page.md b/pages/case-studies-page.md index 80247a6..29114b7 100644 --- a/pages/case-studies-page.md +++ b/pages/case-studies-page.md @@ -10,6 +10,7 @@ - [Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate](/pages/case-studies-page.md#attack-on-machine-translation-service---google-translate-bing-translator-and-systran-translate) - [VirusTotal Poisoning](/pages/case-studies-page.md#virustotal-poisoning) - [Bypassing Cylance's AI Malware Detection](/pages/case-studies-page.md#bypassing-cylances-ai-malware-detection) + - [Camera Hijack Attack on Facial Recognition System](/pages/case-studies-page.md#camera-hijack-attack-on-facial-recognition-system) Attacks on machine learning (ML) systems are being developed and released with increased regularity. Historically, attacks against ML systems have been performed in a controlled academic settings, but as these case-studies demonstrate, attacks are being seen in-the-wild. In production settings ML systems are trained on personally identifiable information (PII), trusted to make critical decisions with little oversight, and have little to no logging and alerting attached to their use. The case-studies were selected because of the impact to production ML systems, and each demonstrates one of the following characteristics. @@ -229,6 +230,22 @@ Research and work by Adi Ashkenazy, Shahar Zini, and SkyLight Cyber team. Notifi - https://skylightcyber.com/2019/07/18/cylance-i-kill-you/ +## Camera Hijack Attack on Facial Recognition System +**Summary of Incident:** This type of attack can break through the traditional live detection model and cause the misuse of face recognition. + +**Mapping to Adversarial Threat Matrix:** +- The attackers bought customized low-end mobile phones, customized android ROMs, specific “virtual camera app”, identity information and face photos. +- The attackers used a software to turn static photos into videos, such as eyes blinking. Then the attackers use the purchased low-end mobile phone to open the “virtual camera APP”, and import the video into this app. +- The attacker registered an account with the victim's identity information. And in the verification phase, the face recognition system called the camera API, but because the system was hooked or rooted, the video stream given to the face recognition system was actually provided by the virtual camera APP. Then the attacker successfully impersonated the victim's account + + + +**Reported by:** +- Henry Xuef + +**Source:** +None + ---- # Contributing New Case Studies diff --git a/readme.md b/readme.md index c8432b8..d4b9378 100644 --- a/readme.md +++ b/readme.md @@ -38,6 +38,7 @@ To see the Matrix in action, we recommend seeing the curated case studies - [Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate](/pages/case-studies-page.md#attack-on-machine-translation-service---google-translate-bing-translator-and-systran-translate) - [VirusTotal Poisoning](/pages/case-studies-page.md#virustotal-poisoning) - [Bypassing Cylance's AI Malware Detection](/pages/case-studies-page.md#bypassing-cylances-ai-malware-detection) + - [Camera Hijack Attack on Facial Recognition System](/pages/case-studies-page.md#camera-hijack-attack-on-facial-recognition-system) ![alt text](images/AdvMLThreatMatrix.jpg) @@ -65,6 +66,7 @@ To see the Matrix in action, we recommend seeing the curated case studies | Citadel AI | Kenny Song | | McAfee | Christiaan Beek | | Unaffiliated | Ken Luu | +| Ant/Alibaba Group | Henry Xuef | ## Feedback and Getting Involved