“Face recognition cracking” has become an underground industry; the gaps urgently need to be found and closed

A false invoicing case involving more than 500 million yuan, prosecuted by Shanghai prosecutors, leads to an illegal face recognition case

“Face recognition cracking” has become an underground industry; to protect the “face”, the gaps urgently need to be found and closed

As an easy-to-use biometric verification technology, face recognition is widely used in government, security, finance, consumer life and other industries. However, a Xinhua Daily News reporter found that face recognition technology has obvious security loopholes that pose major hidden dangers to social and property security, and that systematic security review and patching are urgently needed.

An invoicing case leads to an illegal face recognition case

The reporter learned from Shanghai procuratorial authorities that, in a very large case of falsely issuing ordinary VAT invoices recently prosecuted by the Shanghai Hongkou District People’s Procuratorate, the defendants registered “shell companies” for issuing the false invoices by cracking face recognition technology and other means. The defendants reportedly issued ordinary VAT invoices for others with a combined price and tax total of over RMB 500 million.

In the case, the suspects first registered the “shell companies” through the relevant government affairs platform, and passing the platform’s face recognition check on the registrant was the key step for successful registration.

To do this, the member of the group who specialized in cracking face recognition said that he generally first bought other people’s high-definition headshots and ID card information for 30 yuan each, and then used the “Live Photo” app to process the headshots and make the photos “move”, producing videos that include nodding, head shaking, blinking, opening the mouth and other actions.

“After obtaining the video, we use a specially processed cell phone to ‘hijack’ the camera. In the face authentication step, the cell phone camera does not start, and the system gets the video prepared earlier. The system thinks the person is in front of the camera, and the authentication finally passes,” the suspect said.

At the same time, the gang also cracked the face recognition system of a widely used app for managing electronic business licenses. After downloading the electronic business license, the suspects added a clerk’s identity information in the app. The false invoicing group then used the electronic business license under the clerk’s identity.

According to the suspects, the range of apps they cracked is very wide, covering apps with large user volumes in government, security, finance, payment, consumer life and other fields. The price per crack ranged from 25 yuan to 300 yuan.

15 minutes to crack the face recognition systems of 19 cell phones

“15 minutes to crack the face recognition systems of 19 cell phones.” The reporter learned that Rilai Intelligence, a team established with the backing of the Tsinghua University Institute of Artificial Intelligence, recently disclosed new research results: working from a single photo, the researchers used their algorithm to produce a special pair of “glasses” that can be worn to unlock other people’s cell phones by face or to pass app authentication.

The researchers told reporters that their team cracked the face recognition unlocking systems of 19 smartphones within 15 minutes by using adversarial example attacks and wearing the homemade glasses. More than a dozen financial and government service apps were also cracked.

The researchers said that, combined with personal information such as ID numbers, it is even possible to impersonate the owner of the phone and complete the opening of an online bank account.

In “over the face recognition technology” groups, hackers become “valuable guests”

The reporter found a large number of online groups that provide services for cracking face recognition technology. Most of the group names use keywords such as “over the face” and “recognition technology” to avoid supervision. The number of people in each group ranges from 100 to 300.

In a group called “over the face recognition technology”, someone offered payment for inviting into the group people who can crack the face recognition review of payment software. Hackers have become sought-after “valuable guests”.

In addition, some groups exist for exchanging and sharing information and resources on cracking techniques. A group named “VX tricolor over the face” claims to be “the bearer of face recognition cracking technology” and “suitable for newcomers and novices who want to enter the industry”; it has as many as 300 members.

A user named “Blue Leaf” sent the reporter a video of an app’s face recognition security being cracked, and said he could sell a specially designed cell phone. Once the buyer imports a video of their own facial movements, every application installed on the phone automatically skips the face authentication step. Each phone costs 1,650 yuan.

He also told reporters that the fake facial movement videos can be made with apps such as “You and Me That Year”, “Live Photo” and “Easy to Change Face”.

“We learned that some companies require face recognition clock-in for work attendance, and some employees commissioned hackers to break into the clock-in app and use face recognition vulnerabilities to complete the clock-in, paying the hacker only 30 yuan per month,” a person in charge at a network security company told reporters.

In the above-mentioned false invoicing case, besides using cracking techniques to issue false invoices, the suspects also registered new accounts to fraudulently obtain subsidies and discounts from various apps, among other crimes.

Zhang Xudong, a senior product manager at Rilai Wisdom, told reporters that current face recognition cracking mainly consists of fake-body (spoofing) attacks against liveness detection, but the threat of adversarial example attacks against the AI algorithm itself has also gradually come to the fore.

“Because the industry’s face recognition technology relies mainly on a few fixed methods, the degree of similarity is very high. If hackers release open source software dedicated to cracking face recognition and it circulates widely on the Internet, criminals using the vulnerability to commit crimes across all kinds of apps will be like ‘entering no man’s land’,” Zhang Xudong said.

In the view of Cao Liang, a security expert from Xinhuasan Group, whether the method is an adversarial example attack or a fake-body attack on liveness detection, the ultimate goal is to deceive the “machine eye”.

“Most current face recognition algorithms perform ‘three-point’, ‘five-point’ or ‘seven-point’ recognition of the human face, authenticating through the eyes, nose, mouth, ears and head movement. Hackers can fully understand the machine’s internal verification mechanism and judging rules, and then find ways to bypass the security protection,” he said.

Find and close the gaps, and keep every face “safe”

Experts believe that core apps in government, security, finance, payment, consumer life and other domestic fields should be checked for the relevant vulnerabilities and patched promptly, to prevent major incidents that endanger social and property security.

Carry out a software and hardware “attack and upgrade”. Zhang Xudong said that face recognition vulnerabilities in government, security, finance, consumer and other industries urgently need to be fixed and the technology upgraded.

“In particular, platforms and technology service providers that are public-facing, confidential or involve the public interest need to complete technical hardening as a priority and do a good job of detecting and rejecting cell phone emulators. At the same time, more cell phone manufacturers should be encouraged and guided to support 3D face recognition technology when upgrading their phones,” Zhang Xudong said.

“Mobile phone manufacturers can build in security modules when writing cell phone systems to prevent hackers from bypassing the camera start-up step and hijacking the camera, achieving security protection at the source,” Cao Liang said.

Develop and implement face recognition security standards. Cao Liang said that for products using face recognition technology in core areas, the regulatory authorities can develop and strictly implement relevant standards to ensure that the products meet the security technology requirements.

“A hierarchical, multi-level national security standard and industry security standard can be developed based on the differentiated needs of face recognition for security in public or commercial applications.” He said.

Strengthen judicial crackdowns to protect every “face”. “Violators may be suspected of sabotaging computer information systems; law enforcement and judicial authorities should step up enforcement to form a deterrent,” said Guo Yutao, a partner at Beijing Gefeng Law Firm. He noted that major government, financial, e-commerce and other platforms have collected large amounts of face data, which brings both duplicated construction and greater security risks and hidden dangers. He suggested that unified commercial security data centers be established at the national and provincial levels to prevent misuse, leakage and other problems with face information.

“Face recognition algorithm suppliers may be required to train their models in the big data center, so that data and models physically do not leave the private network. Algorithm suppliers can rent the data and computing power of the big data center to upgrade and update their algorithm models,” he said.