0

WHY THIS MATTERS IN BRIEF

You can change your password but you can’t change your face… and biometric authentication systems are now being hacked at scale.

 

Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trendsconnect, watch a keynote, or browse my blog.

As we all begin moving away from using passwords which can be easily cracked and stolen and use biometrics instead criminals are catching up and finding new ways to spoof these systems as well. So far we’ve seen criminals cloning executives voices to steal $243,000 from an energy firm, and now in what’s widely regarded as a first of a kind and the largest hack of its kind a Chinese government facial recognition ID authentication tool was recently hacked, according to media reports. The biometric data stolen was then used to create fake tax invoices.

 

RELATED
Russians latest military exoskeleton controls drone swarms and survives landmines

 

Using Artificial Intelligence (AI) the criminals managed to make the high-resolution images of people look “alive” – essentially by using AI to generate sophisticated synthetic video snippets of the people’s faces – for the crime, with each “nodding, shaking, blinking and opening their mouths,” according to the South China Morning Post (SCMP), presumably to beat a biometric Presentation Attack Detection (PAD) system.

According to SCMP, reporting on an article in the Xinhua Daily Telegraph, the sophisticated biometric spoof attack and theft is being attributed to a pair of hackers with the surname Wu and Zhou.

 

RELATED
IBM opens the worlds first commercial Cyber Range

 

They allegedly netted 500 million yuan, or $76.2 million, operating for less than two years. Shanghai authorities in January posted online that the two had been prosecuted.

The Morning Post reported that the team purchased biometric information on the black market. Armed with the personal data and augmented pictures, the hackers used a shell company to send fraudulent tax invoices to the company’s “clients.”

The hackers hijacked phone cameras so that people would try to authenticate themselves with video, but that information went nowhere.

 

RELATED
An AI built to generate "Fake News" is now helping detect it

 

The Morning Post also reports online services for defeating face biometric systems are available for 30 to 250 yuan ($4.58 to $38.15) on the Dark Web.

About author

Matthew Griffin

Matthew Griffin, described as “The Adviser behind the Advisers” and a “Young Kurzweil,” is the founder and CEO of the World Futures Forum and the 311 Institute, a global Futures and Deep Futures consultancy working between the dates of 2020 to 2070, and is an award winning futurist, and author of “Codex of the Future” series. Regularly featured in the global media, including AP, BBC, Bloomberg, CNBC, Discovery, RT, Viacom, and WIRED, Matthew’s ability to identify, track, and explain the impacts of hundreds of revolutionary emerging technologies on global culture, industry and society, is unparalleled. Recognised for the past six years as one of the world’s foremost futurists, innovation and strategy experts Matthew is an international speaker who helps governments, investors, multi-nationals and regulators around the world envision, build and lead an inclusive, sustainable future. A rare talent Matthew’s recent work includes mentoring Lunar XPrize teams, re-envisioning global education and training with the G20, and helping the world’s largest organisations envision and ideate the future of their products and services, industries, and countries. Matthew's clients include three Prime Ministers and several governments, including the G7, Accenture, Aon, Bain & Co, BCG, Credit Suisse, Dell EMC, Dentons, Deloitte, E&Y, GEMS, Huawei, JPMorgan Chase, KPMG, Lego, McKinsey, PWC, Qualcomm, SAP, Samsung, Sopra Steria, T-Mobile, and many more.

Your email address will not be published. Required fields are marked *