From 8242a2c07f2ae4292f8fa5a054fc91e4807c4d17 Mon Sep 17 00:00:00 2001 From: ramtherunner <34756719+ramtherunner@users.noreply.github.com> Date: Sun, 15 Nov 2020 21:10:51 -0800 Subject: [PATCH] Added Image for Facial Recognition --- pages/case-studies-page.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pages/case-studies-page.md b/pages/case-studies-page.md index 7193a92..9abdffa 100644 --- a/pages/case-studies-page.md +++ b/pages/case-studies-page.md @@ -2,7 +2,7 @@ - [VirusTotal Poisoning](/pages/case-studies-page.md#virustotal-poisoning) - [Attack on Machine Trasnlation - Google Translate, Bing Translator, Systran Translate](/pages/case-studies-page.md#attack-on-machine-translation-service---google-translate-bing-translator-systran-translate) - - [Camera Hijack Attack on Face Recognition System]() + - [Camera Hijack Attack on Facial Recognition System](/pages/case-studies-page.md#camera-hijack-attack-on-facial-recognition-system) - [ClearviewAI Misconfiguration](/pages/case-studies-page.md#clearviewai-misconfiguration) - [GPT-2 Model Replication](/pages/case-studies-page.md#gpt-2-model-replication) - [ProofPoint Evasion](/pages/case-studies-page.md#proofpoint-evasion) @@ -61,14 +61,16 @@ None - https://www.ericswallace.com/imitation ---- -## Camera Hijack Attack on Face Recognition System -**Summary of Incident:** +## Camera Hijack Attack on Facial Recognition System +**Summary of Incident:** This type of attack can break through the traditional live detection model and cause the misuse of face recognition. **Mapping to Adversarial Threat Matrix:** - The attackers bought customized low-end mobile phones, customized android ROMs, specific “virtual camera app”, identity information and face photos. - The attackers used a software to turn static photos into videos, such as eyes blinking. Then the attackers use the purchased low-end mobile phone to open the “virtual camera APP”, and import the video into this app. - The attacker registered an account with the victim's identity information. And in the verification phase, the face recognition system called the camera API, but because the system was hooked or rooted, the video stream given to the face recognition system was actually provided by the virtual camera APP. Then the attacker successfully impersonated the victim's account +![alttext](/images/FacialRecognitionANT.png) + **Reported by:** - Henry Xuef