Scroll Top

In a world first Chinese hackers spoofed biometric authentication systems to steal $76 Million

Futurist_spoofbiometric

WHY THIS MATTERS IN BRIEF

You can change your password but you can’t change your face… and biometric authentication systems are now being hacked at scale.

 

Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trendsconnect, watch a keynote, or browse my blog.

As we all begin moving away from using passwords which can be easily cracked and stolen and use biometrics instead criminals are catching up and finding new ways to spoof these systems as well. So far we’ve seen criminals cloning executives voices to steal $243,000 from an energy firm, and now in what’s widely regarded as a first of a kind and the largest hack of its kind a Chinese government facial recognition ID authentication tool was recently hacked, according to media reports. The biometric data stolen was then used to create fake tax invoices.

 

RELATED
Generative AI is accelerating financial fraud on an epic scale and it's getting worse

 

Using Artificial Intelligence (AI) the criminals managed to make the high-resolution images of people look “alive” – essentially by using AI to generate sophisticated synthetic video snippets of the people’s faces – for the crime, with each “nodding, shaking, blinking and opening their mouths,” according to the South China Morning Post (SCMP), presumably to beat a biometric Presentation Attack Detection (PAD) system.

According to SCMP, reporting on an article in the Xinhua Daily Telegraph, the sophisticated biometric spoof attack and theft is being attributed to a pair of hackers with the surname Wu and Zhou.

 

RELATED
China's T-Flight hyperloop train obliterates 387mph in first tests

 

They allegedly netted 500 million yuan, or $76.2 million, operating for less than two years. Shanghai authorities in January posted online that the two had been prosecuted.

The Morning Post reported that the team purchased biometric information on the black market. Armed with the personal data and augmented pictures, the hackers used a shell company to send fraudulent tax invoices to the company’s “clients.”

The hackers hijacked phone cameras so that people would try to authenticate themselves with video, but that information went nowhere.

 

RELATED
Two startups emerge to combat deepfakes at scale

 

The Morning Post also reports online services for defeating face biometric systems are available for 30 to 250 yuan ($4.58 to $38.15) on the Dark Web.

Related Posts

Leave a comment

You have Successfully Subscribed!

Pin It on Pinterest

Share This