mirror of
https://github.com/mitre/advmlthreatmatrix.git
synced 2024-10-01 00:55:44 -04:00
added camera hijack case-study
parent
2a9a4494c3
commit
8de971cc9d
BIN
images/FacialRecognitionANT.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 24 KiB |
@ -10,6 +10,7 @@
|
|||||||
- [Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate](/pages/case-studies-page.md#attack-on-machine-translation-service---google-translate-bing-translator-and-systran-translate)
|
- [Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate](/pages/case-studies-page.md#attack-on-machine-translation-service---google-translate-bing-translator-and-systran-translate)
|
||||||
- [VirusTotal Poisoning](/pages/case-studies-page.md#virustotal-poisoning)
|
- [VirusTotal Poisoning](/pages/case-studies-page.md#virustotal-poisoning)
|
||||||
- [Bypassing Cylance's AI Malware Detection](/pages/case-studies-page.md#bypassing-cylances-ai-malware-detection)
|
- [Bypassing Cylance's AI Malware Detection](/pages/case-studies-page.md#bypassing-cylances-ai-malware-detection)
|
||||||
|
- [Camera Hijack Attack on Facial Recognition System](/pages/case-studies-page.md#camera-hijack-attack-on-facial-recognition-system)
|
||||||
|
|
||||||
|
|
||||||
Attacks on machine learning (ML) systems are being developed and released with increased regularity. Historically, attacks against ML systems have been performed in a controlled academic settings, but as these case-studies demonstrate, attacks are being seen in-the-wild. In production settings ML systems are trained on personally identifiable information (PII), trusted to make critical decisions with little oversight, and have little to no logging and alerting attached to their use. The case-studies were selected because of the impact to production ML systems, and each demonstrates one of the following characteristics.
|
Attacks on machine learning (ML) systems are being developed and released with increased regularity. Historically, attacks against ML systems have been performed in a controlled academic settings, but as these case-studies demonstrate, attacks are being seen in-the-wild. In production settings ML systems are trained on personally identifiable information (PII), trusted to make critical decisions with little oversight, and have little to no logging and alerting attached to their use. The case-studies were selected because of the impact to production ML systems, and each demonstrates one of the following characteristics.
|
||||||
@ -229,6 +230,24 @@ Research and work by Adi Ashkenazy, Shahar Zini, and SkyLight Cyber team. Notifi
|
|||||||
- https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
|
- https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
|
||||||
|
|
||||||
|
|
||||||
|
----
|
||||||
|
## Camera Hijack Attack on Facial Recognition System
|
||||||
|
**Summary of Incident:** This type of attack can break through the traditional live detection model and cause the misuse of face recognition.
|
||||||
|
|
||||||
|
**Mapping to Adversarial Threat Matrix:**
|
||||||
|
- The attackers bought customized low-end mobile phones, customized android ROMs, a specific virtual camera application, identity information and face photos.
|
||||||
|
- The attackers used software to turn static photos into videos, adding realistic effects such as blinking eyes. Then the attackers use the purchased low-end mobile phone to import the generated video into the virtual camera app.
|
||||||
|
- The attackers registered an account with the victim's identity information. In the verification phase, the face recognition system called the camera API, but because the system was hooked or rooted, the video stream given to the face recognition system was actually provided by the virtual camera app.
|
||||||
|
- The attackers successfully evaded the face recognition system and impersonated the victim.
|
||||||
|
|
||||||
|
<img src="/images/FacialRecognitionANT.png" width="450" height="150"/>
|
||||||
|
|
||||||
|
**Reported by:**
|
||||||
|
- Henry Xuef, Ant Group AISEC Team
|
||||||
|
|
||||||
|
**Source:**
|
||||||
|
- Ant Group AISEC Team
|
||||||
|
|
||||||
----
|
----
|
||||||
# Contributing New Case Studies
|
# Contributing New Case Studies
|
||||||
|
|
||||||
|
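Review bot: The bullets under "Mapping to Adversarial Threat Matrix" in the new Camera Hijack section narrate the attack steps but never name a tactic or technique from the matrix, so nothing is actually mapped; suggest tagging each bullet with the matrix entry it corresponds to. The summary line opens with "This type of attack" without an antecedent and does not state what happened; it would read better if it led with the incident itself, which the third bullet already describes (the video stream given to the face recognition system was provided by the virtual camera app). Smaller points in the same hunk: "Then the attackers use" breaks the past tense of the other bullets; "android" should be capitalised; "because the system was hooked or rooted" should say which system is meant, since the same sentence also uses "system" for the face recognition system; the img tag carries no alt text; and "Source:" gives only "Ant Group AISEC Team" with no link, whereas the preceding case study cites a URL.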
@ -38,6 +38,7 @@ To see the Matrix in action, we recommend seeing the curated case studies
|
|||||||
- [Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate](/pages/case-studies-page.md#attack-on-machine-translation-service---google-translate-bing-translator-and-systran-translate)
|
- [Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate](/pages/case-studies-page.md#attack-on-machine-translation-service---google-translate-bing-translator-and-systran-translate)
|
||||||
- [VirusTotal Poisoning](/pages/case-studies-page.md#virustotal-poisoning)
|
- [VirusTotal Poisoning](/pages/case-studies-page.md#virustotal-poisoning)
|
||||||
- [Bypassing Cylance's AI Malware Detection](/pages/case-studies-page.md#bypassing-cylances-ai-malware-detection)
|
- [Bypassing Cylance's AI Malware Detection](/pages/case-studies-page.md#bypassing-cylances-ai-malware-detection)
|
||||||
|
- [Camera Hijack Attack on Facial Recognition System](/pages/case-studies-page.md#camera-hijack-attack-on-facial-recognition-system)
|
||||||
|
|
||||||
|
|
||||||
![alt text](images/AdvMLThreatMatrix.jpg)
|
![alt text](images/AdvMLThreatMatrix.jpg)
|
||||||
@ -65,6 +66,7 @@ To see the Matrix in action, we recommend seeing the curated case studies
|
|||||||
| Citadel AI | Kenny Song |
|
| Citadel AI | Kenny Song |
|
||||||
| McAfee | Christiaan Beek |
|
| McAfee | Christiaan Beek |
|
||||||
| Unaffiliated | Ken Luu |
|
| Unaffiliated | Ken Luu |
|
||||||
|
| Ant Group | Henry Xuef |
|
||||||
|
|
||||||
## Feedback and Getting Involved
|
## Feedback and Getting Involved
|
||||||
|
|
||||||
|