Scroll Top

In a world first Chinese hackers spoofed biometric authentication systems to steal $76 Million



You can change your password but you can’t change your face… and biometric authentication systems are now being hacked at scale.


Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trendsconnect, watch a keynote, or browse my blog.

As we all begin moving away from using passwords which can be easily cracked and stolen and use biometrics instead criminals are catching up and finding new ways to spoof these systems as well. So far we’ve seen criminals cloning executives voices to steal $243,000 from an energy firm, and now in what’s widely regarded as a first of a kind and the largest hack of its kind a Chinese government facial recognition ID authentication tool was recently hacked, according to media reports. The biometric data stolen was then used to create fake tax invoices.


Iron Beam laser weapon counters multiple drone threats in live fire tests


Using Artificial Intelligence (AI) the criminals managed to make the high-resolution images of people look “alive” – essentially by using AI to generate sophisticated synthetic video snippets of the people’s faces – for the crime, with each “nodding, shaking, blinking and opening their mouths,” according to the South China Morning Post (SCMP), presumably to beat a biometric Presentation Attack Detection (PAD) system.

According to SCMP, reporting on an article in the Xinhua Daily Telegraph, the sophisticated biometric spoof attack and theft is being attributed to a pair of hackers with the surname Wu and Zhou.


Huawei spends billions on new campus to chase global semiconductor dominance


They allegedly netted 500 million yuan, or $76.2 million, operating for less than two years. Shanghai authorities in January posted online that the two had been prosecuted.

The Morning Post reported that the team purchased biometric information on the black market. Armed with the personal data and augmented pictures, the hackers used a shell company to send fraudulent tax invoices to the company’s “clients.”

The hackers hijacked phone cameras so that people would try to authenticate themselves with video, but that information went nowhere.


World first as scientists re-grow a frogs amputated leg using a "silk bioreactor"


The Morning Post also reports online services for defeating face biometric systems are available for 30 to 250 yuan ($4.58 to $38.15) on the Dark Web.

Related Posts

Leave a comment


1000's of articles about the exponential future, 1000's of pages of insights, 1000's of videos, and 100's of exponential technologies: Get The Email from 311, your no-nonsense briefing on all the biggest stories in exponential technology and science.

You have Successfully Subscribed!

Pin It on Pinterest

Share This