diff --git a/images/FacialRecognitionANT.png b/images/FacialRecognitionANT.png new file mode 100644 index 0000000..37f8463 Binary files /dev/null and b/images/FacialRecognitionANT.png differ diff --git a/pages/case-studies-page.md b/pages/case-studies-page.md index 80247a6..e836288 100644 --- a/pages/case-studies-page.md +++ b/pages/case-studies-page.md @@ -10,6 +10,7 @@ - [Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate](/pages/case-studies-page.md#attack-on-machine-translation-service---google-translate-bing-translator-and-systran-translate) - [VirusTotal Poisoning](/pages/case-studies-page.md#virustotal-poisoning) - [Bypassing Cylance's AI Malware Detection](/pages/case-studies-page.md#bypassing-cylances-ai-malware-detection) + - [Camera Hijack Attack on Facial Recognition System](/pages/case-studies-page.md#camera-hijack-attack-on-facial-recognition-system) Attacks on machine learning (ML) systems are being developed and released with increased regularity. Historically, attacks against ML systems have been performed in a controlled academic settings, but as these case-studies demonstrate, attacks are being seen in-the-wild. In production settings ML systems are trained on personally identifiable information (PII), trusted to make critical decisions with little oversight, and have little to no logging and alerting attached to their use. The case-studies were selected because of the impact to production ML systems, and each demonstrates one of the following characteristics. @@ -229,6 +230,24 @@ Research and work by Adi Ashkenazy, Shahar Zini, and SkyLight Cyber team. Notifi - https://skylightcyber.com/2019/07/18/cylance-i-kill-you/ +---- +## Camera Hijack Attack on Facial Recognition System +**Summary of Incident:** This type of attack can break through the traditional live detection model and cause the misuse of face recognition. + +**Mapping to Adversarial Threat Matrix:** +- The attackers bought customized low-end mobile phones, customized android ROMs, a specific virtual camera application, identity information and face photos. +- The attackers used software to turn static photos into videos, adding realistic effects such as blinking eyes. Then the attackers use the purchased low-end mobile phone to import the generated video into the virtual camera app. +- The attackers registered an account with the victim's identity information. In the verification phase, the face recognition system called the camera API, but because the system was hooked or rooted, the video stream given to the face recognition system was actually provided by the virtual camera app. +- The attackers successfully evaded the face recognition system and impersonated the victim. + + + +**Reported by:** +- Henry Xuef, Ant Group AISEC Team + +**Source:** +- Ant Group AISEC Team + ---- # Contributing New Case Studies diff --git a/readme.md b/readme.md index c8432b8..3e3cbd5 100644 --- a/readme.md +++ b/readme.md @@ -38,6 +38,7 @@ To see the Matrix in action, we recommend seeing the curated case studies - [Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate](/pages/case-studies-page.md#attack-on-machine-translation-service---google-translate-bing-translator-and-systran-translate) - [VirusTotal Poisoning](/pages/case-studies-page.md#virustotal-poisoning) - [Bypassing Cylance's AI Malware Detection](/pages/case-studies-page.md#bypassing-cylances-ai-malware-detection) + - [Camera Hijack Attack on Facial Recognition System](/pages/case-studies-page.md#camera-hijack-attack-on-facial-recognition-system) ![alt text](images/AdvMLThreatMatrix.jpg) @@ -65,6 +66,7 @@ To see the Matrix in action, we recommend seeing the curated case studies | Citadel AI | Kenny Song | | McAfee | Christiaan Beek | | Unaffiliated | Ken Luu | +| Ant Group | Henry Xuef | ## Feedback and Getting Involved