Biometric authentication systems have long, checkered history in IT security and are regarded as a highly controversial technology. Many manufacturers and users love them because of their usability and the personal touch they give to human-computer interaction when it comes to an often annoying but necessary task like user authentication. Other people hate them because of data privacy and security concerns. Despite all the controversy, biometric authentication systems are still here and they seem to stay.
In fall 2017, SySS GmbH started a research project concerning the enterprise-grade face authentication system Microsoft Windows Hello Face Authentication based on near infrared technology.
In our talk, we will present the results of our research project concerning the enterprise-grade face authentication system Windows Hello Face Authentication by Microsoft based on near infrared and visible light and will demonstrate how different versions of it can be bypassed by rather simple means.
Malware analysis on android using supervised machine learning techniquesMd. Shohel Rana
In recent years, a widespread research is conducted with the growth of malware resulted in the domain of malware analysis and detection in Android devices. Android, a mobile-based operating system currently having more than one billion active users with a high market impact that have inspired the expansion of malware by cyber criminals. Android implements a different architecture and security controls to solve the problems caused by malware, such as unique user ID (UID) for each application, system permissions, and its distribution platform Google Play. There are numerous ways to violate that fortification, and how the complexity of creating a new solution is enlarged while cybercriminals progress their skills to develop malware. A community including developer and researcher has been evolving substitutes aimed at refining the level of safety where numerous machine learning algorithms already been proposed or applied to classify or cluster malware including analysis techniques, frameworks, sandboxes, and systems security. One of the most promising techniques is the implementation of artificial intelligence solutions for malware analysis. In this paper, we evaluate numerous supervised machine learning algorithms by implementing a static analysis framework to make predictions for detecting malware on Android.
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...Interset
At IANS Forum Seattle, Interset Director of Field Ops, Jay Lillie, took a close look at how user and entity behavioral analytics (UEBA) can help to identify insider threats before data is stolen. To learn more, contact Interset at securityai@interset.com.
Privacy preserving data mining is an important
issue nowadays for data mining. Since various organizations
and people are generating sensitive data or information these
days. They don’t want to share their sensitive data however
that data can be useful for data mining purpose. So, due to
privacy preserving mining that data can be mined usefully
without harming the privacy of that data. Privacy can be
preserved by applying encryption on database which is to be
mined because now the data is secure due to encryption. Code
profiling is a field in software engineering where we can
apply data mining to discover some knowledge so that it will
be useful in future development of software. In this work we
have applied privacy preserving mining in code profiling data
such as software metrics of various codes. Results of data
mining on actual and encrypted data are compared for
accuracy. We have also analyzed the results of privacy
preserving mining in code profiling data and found
interesting results.
Brian Gorenc, Trend Micro
Much like their six-legged counterparts in nature, bugs in software have a lifecycle. They are discovered, they get exploited, they get reported, they get patched, and usually, they go away. At each stage of this lifecycle, information about the vulnerability equates to a monetary value, and, depending on how this information is disseminated, that monetary value can drastically change. Various marketplaces exist for security research, and the current gray and black markets can be as robust as their white market counterparts. Different agents within these markets influence research trends by shifting finances to or away from specific areas, resulting in more bugs discovered and reported in that area.
Even if you don’t directly participate in this economy, it impacts you and the systems you defend. Bugs bought and sold in the marketplace often become security patches and sometimes get wrapped into exploit kits or malware. Administering the world’s largest vendor agnostic bug bounty program puts us in a unique position to examine the inner workings of these transactions. While firmly in the white market, our experience and relationships provide us with insight across the entire exploit landscape. Some of these factors might not be obvious to those outside of the marketplace until exposed through data leaks or compromise.
These hidden factors can shift prices and send researchers – and thus exploits – in new directions. Like any open market, various factors can spur changes in supply and demand, and market actors can shape what types of research either becomes public – or finds its way into an exploit kit. This presentation covers the inner-workings of the exploit marketplace, the main players in various sectors, and the winding, often controversial lifespan of a security bug. We include real-world examples of how effectively run programs have disrupted nation-state exploit usage in the wild, and take a look at how existing and impending legislation could irrevocably affect the exploit marketplace – and maybe not for the better.
Mitchell Reifel (pmdtechnologies ag): pmd Time-of-Flight – the Swiss Army Kni...AugmentedWorldExpo
A talk from the Develop Track at AWE USA 2018 - the World's #1 XR Conference & Expo in Santa Clara, California May 30- June 1, 2018.
Mitchell Reifel (pmdtechnologies ag): pmd Time-of-Flight – the Swiss Army Knife of 3D depth sensing
pmd's Time-of-Flight technology is integrated into two AR-smartphones on the market! pmd ToF is in 4 AR headsets! This talk will show what pmd has achieved, what they can do with our 3D ToF technology and why depth sensing is one secret sauce for AR, VR and MR.
http://AugmentedWorldExpo.com
Malware analysis on android using supervised machine learning techniquesMd. Shohel Rana
In recent years, a widespread research is conducted with the growth of malware resulted in the domain of malware analysis and detection in Android devices. Android, a mobile-based operating system currently having more than one billion active users with a high market impact that have inspired the expansion of malware by cyber criminals. Android implements a different architecture and security controls to solve the problems caused by malware, such as unique user ID (UID) for each application, system permissions, and its distribution platform Google Play. There are numerous ways to violate that fortification, and how the complexity of creating a new solution is enlarged while cybercriminals progress their skills to develop malware. A community including developer and researcher has been evolving substitutes aimed at refining the level of safety where numerous machine learning algorithms already been proposed or applied to classify or cluster malware including analysis techniques, frameworks, sandboxes, and systems security. One of the most promising techniques is the implementation of artificial intelligence solutions for malware analysis. In this paper, we evaluate numerous supervised machine learning algorithms by implementing a static analysis framework to make predictions for detecting malware on Android.
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...Interset
At IANS Forum Seattle, Interset Director of Field Ops, Jay Lillie, took a close look at how user and entity behavioral analytics (UEBA) can help to identify insider threats before data is stolen. To learn more, contact Interset at securityai@interset.com.
Privacy preserving data mining is an important
issue nowadays for data mining. Since various organizations
and people are generating sensitive data or information these
days. They don’t want to share their sensitive data however
that data can be useful for data mining purpose. So, due to
privacy preserving mining that data can be mined usefully
without harming the privacy of that data. Privacy can be
preserved by applying encryption on database which is to be
mined because now the data is secure due to encryption. Code
profiling is a field in software engineering where we can
apply data mining to discover some knowledge so that it will
be useful in future development of software. In this work we
have applied privacy preserving mining in code profiling data
such as software metrics of various codes. Results of data
mining on actual and encrypted data are compared for
accuracy. We have also analyzed the results of privacy
preserving mining in code profiling data and found
interesting results.
Brian Gorenc, Trend Micro
Much like their six-legged counterparts in nature, bugs in software have a lifecycle. They are discovered, they get exploited, they get reported, they get patched, and usually, they go away. At each stage of this lifecycle, information about the vulnerability equates to a monetary value, and, depending on how this information is disseminated, that monetary value can drastically change. Various marketplaces exist for security research, and the current gray and black markets can be as robust as their white market counterparts. Different agents within these markets influence research trends by shifting finances to or away from specific areas, resulting in more bugs discovered and reported in that area.
Even if you don’t directly participate in this economy, it impacts you and the systems you defend. Bugs bought and sold in the marketplace often become security patches and sometimes get wrapped into exploit kits or malware. Administering the world’s largest vendor agnostic bug bounty program puts us in a unique position to examine the inner workings of these transactions. While firmly in the white market, our experience and relationships provide us with insight across the entire exploit landscape. Some of these factors might not be obvious to those outside of the marketplace until exposed through data leaks or compromise.
These hidden factors can shift prices and send researchers – and thus exploits – in new directions. Like any open market, various factors can spur changes in supply and demand, and market actors can shape what types of research either becomes public – or finds its way into an exploit kit. This presentation covers the inner-workings of the exploit marketplace, the main players in various sectors, and the winding, often controversial lifespan of a security bug. We include real-world examples of how effectively run programs have disrupted nation-state exploit usage in the wild, and take a look at how existing and impending legislation could irrevocably affect the exploit marketplace – and maybe not for the better.
Mitchell Reifel (pmdtechnologies ag): pmd Time-of-Flight – the Swiss Army Kni...AugmentedWorldExpo
A talk from the Develop Track at AWE USA 2018 - the World's #1 XR Conference & Expo in Santa Clara, California May 30- June 1, 2018.
Mitchell Reifel (pmdtechnologies ag): pmd Time-of-Flight – the Swiss Army Knife of 3D depth sensing
pmd's Time-of-Flight technology is integrated into two AR-smartphones on the market! pmd ToF is in 4 AR headsets! This talk will show what pmd has achieved, what they can do with our 3D ToF technology and why depth sensing is one secret sauce for AR, VR and MR.
http://AugmentedWorldExpo.com
The talk focuses on virtual and augmented reality technologies and examines various devices and technologies in the field of three-dimensional visualization and different applications of these technologies. The author presents a software for 3D interactive visualization, supporting disassembly and assembly processes of specialized equipment that have been developed by the VR-Team. Also, it will give a look at the development process of the presented software.
Data Science for Open Innovation in SMEs and Large CorporationsData Science Society
Latest trends in Data Science and why the open-source culture and open innovation is expanding so fast. Find more about Data Science Society, its latest activities and how they cooperate with different local communities around the world for stimulating the new forms of education. At the end of the presentation, there are the results of two business cases from a telecom company (SNA) and a German retailer (object detection), which were solved during the Data Science Society’s hackathons (Global Datathons).
The autonomous driving reality or fiction?Davor Andric
Autonomous driving changes our mobility. Autonomous driving has been around for years, is it really so? Is complete human driving behaviour to replace by autonomous driving and how? This talk address these challenges. It points out which technologies can be used. It address the intelligent and autonomous decisions in real time and show how a few of these capabilities can look like.
Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Thin...Amélie Gyrard
Keynote “Trends on Data Graphs & Security for the Internet of Things”
(Extended Version) #WF-IoT World Forum Internet of Things
Workshop on #Security and #Privacy for #InternetofThings and Cyber-Physical Systems #CPS
#Security #Toolbox #Attacks and #Countermeasures #STAC
#Security #KnowledgeGraphs #Ontologies
Speaker: Dr. Ghislain Atemezing(Research & Development Director, MONDECA, Paris, France) @gatemezing
Credits: Dr. Amelie Gyrard (Kno.e.sis, Wright State University, Ohio, USA)
Significant Changes in Digital Technology with ‘Manufacturing Innovation 3.0’...Hong-Seok Kim
Presented by Hong-Seok Kim* <hskim@kitech.re.kr> at IFDS-MVE**, Shanghai University, Shanghai, China, Aug. 15, 2016
* QrioCty@Gmail.com, https://www.facebook.com/QrioCty, https://www.facebook.com/DIR-Data-Intelligence-Robotics-247625041926255/, https://www.facebook.com/IMT-제조기술혁신-121702971175341/
** International Forum on Development Strategies of Mechanical and Vehicle Engineering
Key to your company's success is being able to integrate and use the data you have. Linked Data holds the promise to deliver on this with semantic data hubs that don't strip context and enable you to use your data across your organization.
Nubank is the leading fintech in Latin America. Using bleeding-edge technology, design, and data, the company aims to fight complexity and empower people to take control of their finances. We are disrupting an outdated and bureaucratic system by building a simple, safe and 100% digital environment.
In order to succeed, we need to constantly make better decisions in the speed of insight, and that’s what We aim when building Nubank’s Data Platform. In this talk we want to explore and share the guiding principles and how we created an automated, scalable, declarative and self-service platform that has more than 200 contributors, mostly non-technical, to build 8 thousand distinct datasets, ingesting data from 800 databases, leveraging Apache Spark expressiveness and scalability.
The topics we want to explore are:
– Making data-ingestion a no-brainer when creating new services
– Reducing the cycle time to deploy new Datasets and Machine Learning models to production
– Closing the loop and leverage knowledge processed in the analytical environment to take decisions in production
– Providing the perfect level of abstraction to users
You will get from this talk:
– Our love for ‘The Log’ and how we use it to decouple databases from its schema and distribute the work to keep schemas up to date to the entire team.
– How we made data ingestion so simple using Kafka Streams that teams stopped using databases for analytical data.
– The huge benefits of relying on the DataFrame API to create datasets which made possible having tests end-to-end verifying that the 8000 datasets work without even running a Spark Job and much more.
– The importance of creating the right amount of abstractions and restrictions to have the power to optimize.
This was delivered during National Apprenticeships Week 2018. The global shortage of Cyber Security Professionals is set to grow to 1.5 million in 2019. By harnessing apprenticeships organisations can train new talent and up-skill existing employees.
This is topic of software related to the computer which is very embedded to see the student of computer, and interested in software.
Most authentic presentation. You have ever seen this type of topic in the whole slide share.
I have prepared this topic with the help of internet and books.
Embedded Recipes 2018 - Io(M)T: A year in review - Rayna StamboliyskaAnne Nicolas
A year ago, I embarked on the funky journey to gain insights into IoT security. I am particularly interested in medical devices, that is an item that’s connected to the Internet AND can gather some sort of health data.
I started off with connected sex toys—it’s fun to tear them down, then tell others about it. Beyond the fun, though, is the actual understanding of what is at stake. And, in all honesty, your fridge, your insulin pump and your pacemaker all share the same challenges: they need improved security so that we are not at risk.
Since the first dildo I investigated, my analysis capabilities have evolved. This talk will address the diverse range of challenges I have had: obtaining the objects (the least complex one… but not the cheapest option, still!), producing reproducible data, collecting meaningful logs, having the companies building the IoT fix their flaws, etc. Thankfully, I will also discuss the solutions I identified, all of which involve FLOSS and (in part) open hardware.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
Experts from Symantec and MITRE explore the latest research and best practices for detecting targeted ransomware in your environment.
Watch on-demand webinar here: https://symc.ly/2L7ESFI.
Towards Secure and Interpretable AI: Scalable Methods, Interactive Visualizat...polochau
We have witnessed tremendous growth in Artificial intelligence (AI) and machine learning (ML) recently. However, research shows that AI and ML models are often vulnerable to adversarial attacks, and their predictions can be difficult to understand, evaluate and ultimately act upon.
Discovering real-world vulnerabilities of deep neural networks and countermeasures to mitigate such threats has become essential to successful deployment of AI in security settings. We present our joint works with Intel which include the first targeted physical adversarial attack (ShapeShifter) that fools state-of-the-art object detectors; a fast defense (SHIELD) that removes digital adversarial noise by stochastic data compression; and interactive systems (ADAGIO and MLsploit) that further democratize the study of adversarial machine learning and facilitate real-time experimentation for deep learning practitioners.
Finally, we also present how scalable interactive visualization can be used to amplify people’s ability to understand and interact with large-scale data and complex models. We sample from projects where interactive visualization has provided key leaps of insight, from increased model interpretability (Gamut with Microsoft Research), to model explorability with models trained on millions of instances (ActiVis deployed with Facebook), increased usability for non-experts about state-of-the-art AI (GAN Lab open-sourced with Google Brain; went viral!), and our latest work Summit, an interactive system that scalably summarizes and visualizes what features a deep learning model has learned and how those features interact to make predictions. We conclude by highlighting the next visual analytics research frontiers in AI.
=== Presenter Bio ===
Polo Chau
Associate Professor and ML Area Leader, College of Computing
Associate Director, MS Analytics
Georgia Institute of Technology
Polo Chau is an Associate Professor of Computing at Georgia Tech. He co-directs Georgia Tech's MS Analytics program. His research group bridges machine learning and visualization to synthesize scalable interactive tools for making sense of massive datasets, interpreting complex AI models, and solving real world problems in cybersecurity, human-centered AI, graph visualization and mining, and social good. His Ph.D. in Machine Learning from Carnegie Mellon University won CMU's Computer Science Dissertation Award, Honorable Mention. He received awards and grants from NSF, NIH, NASA, DARPA, Intel (Intel Outstanding Researcher), Symantec, Google, Nvidia, IBM, Yahoo, Amazon, Microsoft, eBay, LexisNexis; Raytheon Faculty Fellowship; Edenfield Faculty Fellowship; Outstanding Junior Faculty Award; The Lester Endowment Award; Symantec fellowship (twice); Best student papers at SDM'14 and KDD'16 (runner-up); Best demo at SIGMOD'17 (runner-up); Chinese CHI'18 Best paper. His research led to open-sourc
Zsombor Kovács - Cheaters for Everything from Minesweeper to Mobile Banking ...hacktivity
In my opinion, cheating acceptable - it merely means expanding the frame of an application to the point, which is beyond what the creators of the application have ever imagined. In this talk, we explore how the popular instumentalisation framework Frida can be used to hack applications from games to mobile banking applications.
Vincent Ruijter - ~Securing~ Attacking Kuberneteshacktivity
This talks' focus lays on a popular containerization tool called Kubernetes. Common implementations of Kubernetes are not secure by default and a lot of information about hardening is not known to the public. Since version 1.7 the security level has increased and common security misconfigurations have been mitigated. During this talk it will be demonstrated what happens if these mitigations are not applied and how to abuse them. The talk will be about both securing and attacking the platform and could be considered a 'purple team' talk. Multiple live demos are planned, most of them ending in a guest-to-host escape and a root shell.
More Related Content
Similar to Matthias Deeg - Bypassing an Enterprise-Grade Biometric Face Authentication System
The talk focuses on virtual and augmented reality technologies and examines various devices and technologies in the field of three-dimensional visualization and different applications of these technologies. The author presents a software for 3D interactive visualization, supporting disassembly and assembly processes of specialized equipment that have been developed by the VR-Team. Also, it will give a look at the development process of the presented software.
Data Science for Open Innovation in SMEs and Large CorporationsData Science Society
Latest trends in Data Science and why the open-source culture and open innovation is expanding so fast. Find more about Data Science Society, its latest activities and how they cooperate with different local communities around the world for stimulating the new forms of education. At the end of the presentation, there are the results of two business cases from a telecom company (SNA) and a German retailer (object detection), which were solved during the Data Science Society’s hackathons (Global Datathons).
The autonomous driving reality or fiction?Davor Andric
Autonomous driving changes our mobility. Autonomous driving has been around for years, is it really so? Is complete human driving behaviour to replace by autonomous driving and how? This talk address these challenges. It points out which technologies can be used. It address the intelligent and autonomous decisions in real time and show how a few of these capabilities can look like.
Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Thin...Amélie Gyrard
Keynote “Trends on Data Graphs & Security for the Internet of Things”
(Extended Version) #WF-IoT World Forum Internet of Things
Workshop on #Security and #Privacy for #InternetofThings and Cyber-Physical Systems #CPS
#Security #Toolbox #Attacks and #Countermeasures #STAC
#Security #KnowledgeGraphs #Ontologies
Speaker: Dr. Ghislain Atemezing(Research & Development Director, MONDECA, Paris, France) @gatemezing
Credits: Dr. Amelie Gyrard (Kno.e.sis, Wright State University, Ohio, USA)
Significant Changes in Digital Technology with ‘Manufacturing Innovation 3.0’...Hong-Seok Kim
Presented by Hong-Seok Kim* <hskim@kitech.re.kr> at IFDS-MVE**, Shanghai University, Shanghai, China, Aug. 15, 2016
* QrioCty@Gmail.com, https://www.facebook.com/QrioCty, https://www.facebook.com/DIR-Data-Intelligence-Robotics-247625041926255/, https://www.facebook.com/IMT-제조기술혁신-121702971175341/
** International Forum on Development Strategies of Mechanical and Vehicle Engineering
Key to your company's success is being able to integrate and use the data you have. Linked Data holds the promise to deliver on this with semantic data hubs that don't strip context and enable you to use your data across your organization.
Nubank is the leading fintech in Latin America. Using bleeding-edge technology, design, and data, the company aims to fight complexity and empower people to take control of their finances. We are disrupting an outdated and bureaucratic system by building a simple, safe and 100% digital environment.
In order to succeed, we need to constantly make better decisions in the speed of insight, and that’s what We aim when building Nubank’s Data Platform. In this talk we want to explore and share the guiding principles and how we created an automated, scalable, declarative and self-service platform that has more than 200 contributors, mostly non-technical, to build 8 thousand distinct datasets, ingesting data from 800 databases, leveraging Apache Spark expressiveness and scalability.
The topics we want to explore are:
– Making data-ingestion a no-brainer when creating new services
– Reducing the cycle time to deploy new Datasets and Machine Learning models to production
– Closing the loop and leverage knowledge processed in the analytical environment to take decisions in production
– Providing the perfect level of abstraction to users
You will get from this talk:
– Our love for ‘The Log’ and how we use it to decouple databases from its schema and distribute the work to keep schemas up to date to the entire team.
– How we made data ingestion so simple using Kafka Streams that teams stopped using databases for analytical data.
– The huge benefits of relying on the DataFrame API to create datasets which made possible having tests end-to-end verifying that the 8000 datasets work without even running a Spark Job and much more.
– The importance of creating the right amount of abstractions and restrictions to have the power to optimize.
This was delivered during National Apprenticeships Week 2018. The global shortage of Cyber Security Professionals is set to grow to 1.5 million in 2019. By harnessing apprenticeships organisations can train new talent and up-skill existing employees.
This is topic of software related to the computer which is very embedded to see the student of computer, and interested in software.
Most authentic presentation. You have ever seen this type of topic in the whole slide share.
I have prepared this topic with the help of internet and books.
Embedded Recipes 2018 - Io(M)T: A year in review - Rayna StamboliyskaAnne Nicolas
A year ago, I embarked on the funky journey to gain insights into IoT security. I am particularly interested in medical devices, that is an item that’s connected to the Internet AND can gather some sort of health data.
I started off with connected sex toys—it’s fun to tear them down, then tell others about it. Beyond the fun, though, is the actual understanding of what is at stake. And, in all honesty, your fridge, your insulin pump and your pacemaker all share the same challenges: they need improved security so that we are not at risk.
Since the first dildo I investigated, my analysis capabilities have evolved. This talk will address the diverse range of challenges I have had: obtaining the objects (the least complex one… but not the cheapest option, still!), producing reproducible data, collecting meaningful logs, having the companies building the IoT fix their flaws, etc. Thankfully, I will also discuss the solutions I identified, all of which involve FLOSS and (in part) open hardware.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
Experts from Symantec and MITRE explore the latest research and best practices for detecting targeted ransomware in your environment.
Watch on-demand webinar here: https://symc.ly/2L7ESFI.
Towards Secure and Interpretable AI: Scalable Methods, Interactive Visualizat...polochau
We have witnessed tremendous growth in Artificial intelligence (AI) and machine learning (ML) recently. However, research shows that AI and ML models are often vulnerable to adversarial attacks, and their predictions can be difficult to understand, evaluate and ultimately act upon.
Discovering real-world vulnerabilities of deep neural networks and countermeasures to mitigate such threats has become essential to successful deployment of AI in security settings. We present our joint works with Intel which include the first targeted physical adversarial attack (ShapeShifter) that fools state-of-the-art object detectors; a fast defense (SHIELD) that removes digital adversarial noise by stochastic data compression; and interactive systems (ADAGIO and MLsploit) that further democratize the study of adversarial machine learning and facilitate real-time experimentation for deep learning practitioners.
Finally, we also present how scalable interactive visualization can be used to amplify people’s ability to understand and interact with large-scale data and complex models. We sample from projects where interactive visualization has provided key leaps of insight, from increased model interpretability (Gamut with Microsoft Research), to model explorability with models trained on millions of instances (ActiVis deployed with Facebook), increased usability for non-experts about state-of-the-art AI (GAN Lab open-sourced with Google Brain; went viral!), and our latest work Summit, an interactive system that scalably summarizes and visualizes what features a deep learning model has learned and how those features interact to make predictions. We conclude by highlighting the next visual analytics research frontiers in AI.
=== Presenter Bio ===
Polo Chau
Associate Professor and ML Area Leader, College of Computing
Associate Director, MS Analytics
Georgia Institute of Technology
Polo Chau is an Associate Professor of Computing at Georgia Tech. He co-directs Georgia Tech's MS Analytics program. His research group bridges machine learning and visualization to synthesize scalable interactive tools for making sense of massive datasets, interpreting complex AI models, and solving real world problems in cybersecurity, human-centered AI, graph visualization and mining, and social good. His Ph.D. in Machine Learning from Carnegie Mellon University won CMU's Computer Science Dissertation Award, Honorable Mention. He received awards and grants from NSF, NIH, NASA, DARPA, Intel (Intel Outstanding Researcher), Symantec, Google, Nvidia, IBM, Yahoo, Amazon, Microsoft, eBay, LexisNexis; Raytheon Faculty Fellowship; Edenfield Faculty Fellowship; Outstanding Junior Faculty Award; The Lester Endowment Award; Symantec fellowship (twice); Best student papers at SDM'14 and KDD'16 (runner-up); Best demo at SIGMOD'17 (runner-up); Chinese CHI'18 Best paper. His research led to open-sourc
Similar to Matthias Deeg - Bypassing an Enterprise-Grade Biometric Face Authentication System (20)
Zsombor Kovács - Cheaters for Everything from Minesweeper to Mobile Banking ...hacktivity
In my opinion, cheating acceptable - it merely means expanding the frame of an application to the point, which is beyond what the creators of the application have ever imagined. In this talk, we explore how the popular instumentalisation framework Frida can be used to hack applications from games to mobile banking applications.
Vincent Ruijter - ~Securing~ Attacking Kuberneteshacktivity
This talks' focus lays on a popular containerization tool called Kubernetes. Common implementations of Kubernetes are not secure by default and a lot of information about hardening is not known to the public. Since version 1.7 the security level has increased and common security misconfigurations have been mitigated. During this talk it will be demonstrated what happens if these mitigations are not applied and how to abuse them. The talk will be about both securing and attacking the platform and could be considered a 'purple team' talk. Multiple live demos are planned, most of them ending in a guest-to-host escape and a root shell.
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and offers the capability to the users to take care of only those things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP, RDP or SSH then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 12km on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. It will be show how to tunnel data over a Windows jumpbox utilising RDP (including the dirty low level "secrets") or how to exfiltrate data over ICMP from barely secured networks. We have simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webappshacktivity
Adobe Experience Manager (AEM) is an enterprise-grade CMS. It’s used by high-profile companies like Linkedin, Apple, Mastercard, Western Union, Cisco, General Motors, and others. AEM is built on top of the Apache Sling, Apache Felix and Apache Jackrabbit Oak projects. In the talk, the author will share unique methodology on how to approach AEM weabpps in pentests or bug bounty programs. Misconfiguration issues, as well as product vulnerabilities, will be covered in the talk, including newly discovered vulnerabilities for which Adobe PSIRT assigned CVE ids. The author will share automation tool for discovering vulnerabilities and misconfigurations discussed in the talk.
Gabrial Cirlig & Stefan Tanase - Smart Car Forensics and Vehicle Weaponizationhacktivity
As “smart” is becoming the new standard for everything, malicious threat actors are quick to capitalize on the insecurity of IoT devices. Hackers compromising your network and spying on you is not something new in the world of personal computers, but definitely an emerging threat in the world of personal cars.
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...hacktivity
Several tools has been proposed for malware classification and similarity detection of binary malware samples, however none of them can solve all issues. In my presentation, I'll cover the problematics of Locality Sensitive Hashes and provide some experimental information about the comparison of different LSH algorithms. SSDEEPS's base algorithm, spamsum was originally designed for spam email detection. Although it discoveres some similarity between binaries, it basically needs large equal pieces of the byte code. This only happens rarely and can easily be altered. One of the contenders, TLSH (TrendMicro Locality Sensitive Hash) is a more stable similarity matching process. I'm going to present the results of the comparison on a smaller size samples set (~30k samples). Using LSHs is easy and doesn't require huge computational resources so after the process was deemed useful and effective it was extended to a large malware database of multiple hundreds of terabytes of samples. The experiments focus on ransomware sample classification, so I'm also going to present some details related to hunting for fresh unknown malware samples of known groups.
Gergely Biczók - Interdependent Privacy & the Psychology of Likeshacktivity
The Facebook/Cambridge Analytica case headlined technical news the whole Spring of 2018. This case is not the first (and certainly not the last) that demonstrates privacy issues with Facebook and the ecosystem around it; yet, it gained notoriety because of its scale and alleged direct effect on the outcome of the US presidential election. In this talk we look behind the scenes and under the hood and analyze the IT, economic, psychological and legal background necessary to understand the full impact of the Cambridge Analytica case. We touch upon the underlying economic theory on externalities that defines interdependent privacy and sets the scene at a high level; the permission system of the Facebook API that enabled the collection of personal data at scale; the breakthrough psychology research that enabled the use of these data to influence political elections; and the legal impact through the lens of the GDPR.
Paolo Stagno - A Drone Tale: All Your Drones Belong To Ushacktivity
In 2013, DJI Drones quickly gained the reputation as the most stable platform for use in aerial photography and other fields. Since then Drones have increased their field of application and are actively used across various industries (law enforcement and first responders, utility companies, governments and universities) to perform critical operations on daily basis. As a result of that, Drones security has also become a hot topic in the industry.
This talk will provide a comprehensive overview of the security model and security issues affecting the underlying technologies, including existing vulnerabilities in the radio signals, Wi-Fi, Chipset, FPV system, GPS, App and SDK. As part of the presentation, we will discuss the architecture of one of the most famous and popular consumer drone product: the DJI Phantom 3. This model will be used to demonstrate each aspect of discovered security vulnerabilities, together with recommendations and mitigations.
A special focus will be on the recent changes and countermeasures DJI has applied to the firmware of its products in order to harden the security, following the recent accusations and the US Army ban. While the topic of hacking drones by faking GPS signals has been shared before at major security conferences in the past, this talk will extend these aspects to include geo-fencing and no fly zones abuses.
Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.hacktivity
linkcabin aims to discuss the journey of reverse engineering a pub quiz machine, to a point of emulation. By reverse engineering the software, lessons have been learnt in implementation of security, limits in 'security by obscurity' software solutions and how complex actual machines which involve betting are. After reverse engineering parts of the machine, and coming from a threat intelligence background, it becomes clear how similar software and malware developers minds really are for functionality.
While still developing software for an archaic operating system, much like critical infrastructure around the world, it becomes hard to balance both security and functionality.
Zoltán Balázs - Ethereum Smart Contract Hacking Explained like I’m Fivehacktivity
Mining. Ethereum. Smart Contracts. Gas. Solidity. DAO. These words had no or a different meaning 5 years ago. But now these are the foundations of something exciting and powerful. But with great power comes great responsibility. Designing and implementing Smart Contracts are like encryption protocols. Everyone can come up with one which looks secure from the developer’s perspective, but only a few can design and implement one which is really safe.
But how can one hack Smart Contracts? In order to understand this, I will explain the meaning of all of these words in the Ethereum world from the ground-ups with real life analogies. Once the basic building blocks are explained, I will guide you into the world of hacking Smart Contracts. After attending this presentation, everyone will understand how a recursive call can burn 250M USD on the DAO and how developers can create a parallel universe where this never happened. Reinit? Multi-signature wallets? The Parity hack? All of this is simple once the basics are founded.
Warning: case studies from recent real-life hacks and live interaction with Smart Contracts are included. And Cryptokitties. Meow.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Matthias Deeg - Bypassing an Enterprise-Grade Biometric Face Authentication System
1. Biometricks: Bypassing an Enterprise-Grade
Biometric Face Authentication System
October 13, 2018
October 13, 2018 Matthias Deeg | Hacktivity 2018 1
2. Who am I?
Dipl.-Inf. Matthias Deeg
Expert IT Security Consultant
CISSP, CISA, OSCP, OSCE
Interested in information technology – especially
IT security – since his early days
Studied computer science at the University of
Ulm, Germany
IT Security Consultant since 2007
Head of Research & Development
October 13, 2018 Matthias Deeg | Hacktivity 2018 2
3. Agenda
1. Short Introduction to Used Technology
2. Previous Work of Other Researchers
3. Overview of Our Research
4. Attack Surface and Attack Scenario
5. Found Security Vulnerability
6. Demo
7. Conclusion & Recommendations
8. Q&A
October 13, 2018 Matthias Deeg | Hacktivity 2018 3
4. Short Introduction to Used Technology
October 13, 2018 Matthias Deeg | Hacktivity 2018 4
Biometric Face Recognition
Biometric sensor: camera
Feature extraction (landmarks/alignment points)
Mathematical representation of face (model)
Performance metrics, False Accept Rate (FAR), False Reject Rate (FRR), Equal
Error Rate (ERR), Crossover Error Rate (CER), Accuracy, Confidence
Enrollment
Purpose: Identification (one-to-many) or verification (one-to-one) system
Liveliness detection
5. Short Introduction to Used Technology
October 13, 2018 Matthias Deeg | Hacktivity 2018 5
False Reject Rate (FRR):
Measure of an authorized user being incorrectly rejected
False Accept Rate (FAR):
Measure of an unauthorized user (e. g. attacker) being incorrectly accepted
Equal Error Rate (EER) or Crossover Error Rate (CER):
Measure of FAR and FRR being (nearly) the same
7. Short Introduction to Used Technology
October 13, 2018 Matthias Deeg | Hacktivity 2018 7
Near infrared
Electromagnetic radiation
Frequency: 100 - 385 THz
Wavelength: 780 nm - 3 μm
(Source: astronomersgroup.org)
8. Short Introduction to Used Technology
October 13, 2018 Matthias Deeg | Hacktivity 2018 8
Microsoft Windows Hello
Available since Windows 10 (2015)
Windows Biometric Framework (WBF)
Biometric User Authentication
Fingerprint Sign-in
Face Sign-in
9. Short Introduction to Used Technology
October 13, 2018 Matthias Deeg | Hacktivity 2018 9
(Source: Microsoft [1])
10. Short Introduction to Used Technology
October 13, 2018 Matthias Deeg | Hacktivity 2018 10
(Source: Microsoft [1])
Benefits of
near infrared
concerning
feature extraction
11. Short Introduction to Used Technology
October 13, 2018 Matthias Deeg | Hacktivity 2018 11
(Source: Microsoft [1])
12. Short Introduction to Used Technology
October 13, 2018 Matthias Deeg | Hacktivity 2018 12
(Source: Microsoft [1])
Benefits of near infrared concerning spoofing
13. Short Introduction to Used Technology
October 13, 2018 Matthias Deeg | Hacktivity 2018 13
Possession
Knowledge Inherence
Authentication factors
Something you know Something you are
Something you have
14. Previous Work of Other Researchers
Your face is NOT your password by Nguyen Minh Duc and Bui Quang Minh,
2009
Ich sehe, also bin ich ... Du by Jan Krissler (starbug), 2014
Virtual U: Defeating Face Liveness Detection by Building Virtual Models
from Your Public Photos by Yi Xu, True Price, Jan-Michael Frahm, and Fabian
Monrose, 2016
Hacking Galaxy S8 Iris Recognition by Jan Krissler (starbug), 2017
Bkav’s new mask beats Face ID in 'twin way', Bkav, 2017
October 13, 2018 Matthias Deeg | Hacktivity 2018 14
15. Overview of Our Research
October 13, 2018 Matthias Deeg | Hacktivity 2018 15
Project Background:
Customer project with open questions concerning the security of Windows
Hello Face Authentication
Publicly available information about the security of Windows Hello Face
Authentication was scarce
iPhone X with Apple Face ID was to be released in a few weeks (November
2017)
Windows Hello seemed an interesting target to us for learning about
face authentication systems using IR technology
Authentication bypass attack as primary research objective
16. Overview of Our Research
October 13, 2018 Matthias Deeg | Hacktivity 2018 16
(Source: YouTube [2]) (Source: YouTube [3])
17. Test Setup
October 13, 2018 Matthias Deeg | Hacktivity 2018 17
Two test devices:
1. Dell Latitude E7470 with LilBit USB IR Camera
2. Microsoft Surface Pro 4 with integrated IR camera
Different versions and OS builds (revisions) of Windows 10
20. Test Setup
October 13, 2018 Matthias Deeg | Hacktivity 2018 20
LilBit USB IR Camera
Supports Windows Hello
(according to vendor
description)
720p RGB camera
Near infrared camera
(Realtek)
RGB Camera
Near IR Camera
Near IR LEDs
White LED
Near IR LEDs
21. Test Setup
October 13, 2018 Matthias Deeg | Hacktivity 2018 21
Microsoft Surface Pro 4
Supports Windows Hello
Integrated front-facing
1080p RGB camera (5.0 MP)
Integrated Windows Hello
face authentication camera
(near infrared camera)
22. Test Setup
October 13, 2018 Matthias Deeg | Hacktivity 2018 22
RGB Camera
Near IR Camera
Near IR LEDs
White LED
Microsoft Surface Pro 4 front-facing cameras
24. Test Setup
October 13, 2018 Matthias Deeg | Hacktivity 2018 24
Enrollment process using the
LilBit USB IR Camera
(Windows 10 Version 1709)
25. Test Setup
October 13, 2018 Matthias Deeg | Hacktivity 2018 25
Enrollment process using the
built-in near IR camera of the
Microsoft Surface Pro 4
(Windows 10 Version 1607)
27. Test Methodology
October 13, 2018 Matthias Deeg | Hacktivity 2018 27
Black-box testing
Assumptions about inner workings of Windows Hello Face Authentication
Understanding the capabilities of near infrared cameras and exploiting their
way of perceiving the real world
Development of software tools to simplify tests
IR Image Capture: Windows Software Tool for taking IR pictures (source code [15])
PIRI: Python tool for simple image processing (source code [15])
Trial & error (verification/falsification of generated hypotheses)
28. Test Methodology
October 13, 2018 Matthias Deeg | Hacktivity 2018 28
A matter of perception …
Simple software tool IR
Image Capture based on
publicly available source
code by Mike Taulty and
kaorun 55 ([15], [16])
29. Test Methodology
October 13, 2018 Matthias Deeg | Hacktivity 2018 29
A matter of perception … and reflectance
Display Option Result
LED display (e.g. iPad 4) X image cannot be seen by near IR camera
Printout on glossy photo paper X image only badly be seen by near IR camera
Inkjet paper printout (Canon PIXMA MP450) X image cannot be seen by near IR camera
Cathode Ray Tube (CRT, old TV set) X image cannot be seen by near IR camera
Offset print (e.g. fashion magazine) image can be seen perfectly by near IR camera
Laser printout out (e.g. HP LaserJet Pro MFP M277dw) image can be seen well by near IR camera
30. Test Methodology
October 13, 2018 Matthias Deeg | Hacktivity 2018 30
Simple image processing regarding brightness …
def simple_brightness_rgba(im, factor):
"""Simple brightness function for RGBA images"""
data = im.load()
v = int(256 * (factor - 1))
for x in range(im.width):
for y in range(im.height):
c = data[x, y]
r = saturate(c[0] + v, 255)
g = saturate(c[1] + v, 255)
b = saturate(c[2] + v, 255)
data[x, y] = (r, g, b)
31. Test Methodology
October 13, 2018 Matthias Deeg | Hacktivity 2018 31
… and contrast
def simple_contrast_rgba(im, factor):
"""Simple contrast function for RGBA images"""
data = im.load()
level = int(256 * (factor - 1))
f = (259.0 * (level + 255)) / (255.0 * (259 - level))
for x in range(im.width):
for y in range(im.height):
c = data[x, y]
r = saturate(f * (c[0] - 128) + 128)
g = saturate(f * (c[1] - 128) + 128)
b = saturate(f * (c[2] - 128) + 128)
data[x, y] = (r, g, b)
32. Test Methodology
October 13, 2018 Matthias Deeg | Hacktivity 2018 32
Used Near IR cameras supported different image resolutions
340x340 px: LilBit USB IR Camera
480x480 px: Microsoft Surface Pro 4 camera
Primarily, these two cameras were used in combination with the developed
software tool IR Image Capture for taking test pictures
Observation regarding enhanced anti-spoofing feature:
Disabled: Only the near IR camera is used
Enabled: Both the near IR camera and the RGB camera are used
33. Test Methodology
October 13, 2018 Matthias Deeg | Hacktivity 2018 33
Examples of test images:
340x340 px, grayscale image (raw) 340x340 px, colored image (processed)
34. Test Methodology
October 13, 2018 Matthias Deeg | Hacktivity 2018 34
340x340 px, grayscale image (raw)
The size of the actual data used for face
recognition is even smaller
For example,115x190 px in the 340x340 px
example image (shown left), or 160x270 px
in an 480x480 px example image
115x190 px
35. Attack Surface and Attack Scenario
October 13, 2018 Matthias Deeg | Hacktivity 2018 35
Attack surface
Windows logon/lock screen
Windows Hello compatible camera used for Face Authentication
Attack scenario
Attacker with physical access to target device providing access to Windows
logon/lock screen gains unauthorized access to Windows operating system and
stored sensitive data
Thief (stolen device)
Evil maid / cleaning staff (temporary physical access)
36. Found Security Vulnerability
October 13, 2018 Matthias Deeg | Hacktivity 2018 36
Authentication Bypass by Spoofing (CWE-290)
It is possible to bypass the Windows Hello face authentication via a simple
spoofing attack using a printed photo of an authorized person
The paper printout for the attack has the following properties:
1. The image shows a frontal view of the person’s face
2. The image was taken with a near-infrared camera
3. Brightness and contrast were modified via simple image processing methods
4. The paper printout was created with a laser printer
37. Authentication Bypass via Spoofing
October 13, 2018 Matthias Deeg | Hacktivity 2018 37
„Here’s Johnny!”
Unauthorized access to a computer system
39. Test Results
October 13, 2018 Matthias Deeg | Hacktivity 2018 39
Windows Version
Test Device 1
Dell Latitude E7470 with LilBit
Camera
Test Device 2
Microsoft Surface Pro 4
with enhanced anti-
spoofing
without enhanced anti-
spoofing
with enhanced anti-
spoofing
without enhanced anti-
spoofing
Windows 10 Pro (Version 1709, OS Build 16299.98) n/a yes no yes
Windows 10 Pro (Version 1709, OS Build 16299.19) n/a yes untested untested
Windows 10 Pro (Version 1703, OS Build 15063.726) n/a yes no yes
Windows 10 Pro (Version 1703, OS Build 15063.674) n/a yes untested untested
Windows 10 Pro (Version 1703, OS Build 15063.483) n/a yes untested untested
Windows 10 Pro (Version 1607, OS Build 14393.1914) n/a yes yes yes
Windows 10 Pro (Version 1607, OS Build 14393.1770) n/a yes yes yes
Windows 10 Pro (Version 1511, OS Build 10586.1232) n/a yes untested untested
40. Conclusion
Windows Hello Face Authentication can be bypassed by rather simple
means on different Windows 10 versions with different hardware and
software configurations
The enhanced anti-spoofing feature is not supported by all near-infrared
cameras that support the default configuration
October 13, 2018 Matthias Deeg | Hacktivity 2018 40
41. Recommendations
Update the Windows operating system to the latest version and OS build
(revision), at least Version 1703, OS Build 15063.726 according to our test
results
Only use Windows Hello compatible cameras that support the enhanced
anti-spoofing feature
Enable enhanced anti-spoofing feature of Windows Hello (Administrative
Templates Windows Components Biometrics Facial Features
Configure enhanced anti-spoofing)
Reconfigure Windows Hello Face Authentication after software update from
vulnerable version and after configuration changes
October 13, 2018 Matthias Deeg | Hacktivity 2018 41
42. Further Research
Authentication bypass attack against Windows Hello Face Authentication in
current Windows 10 versions (e.g. 1803, 1809)
Maybe a single paper printout is not sufficient anymore, but an attack with
two images could work (near infrared and RGB)?
October 13, 2018 Matthias Deeg | Hacktivity 2018 42
RGB CameraNear IR Camera
Angled Mirrors
near IR info RGB info
43. References
1. Windows Hello face authentication, Microsoft, https://docs.microsoft.com/en-us/windows-
hardware/design/device-experiences/windows-hello-face-authentication, 2017
2. Can Twins Trick Facial Recognition?, The Australian, https://www.youtube.com/watch?v=J1NL246P9Vg
3. Putting Windows Hello to the Test on a Surface Pro 4, Sean Ong,
https://www.youtube.com/watch?v=nMdVHDqJsEs
4. Windows 10 Release Information, Microsoft, https://www.microsoft.com/en-us/itpro/windows-
10/release-information, 2018
5. Biometricks: Bypassing an Enterprise-Grade Biometric Face Authentication System, Matthias Deeg,
https://www.syss.de/pentest-blog/article/2017/12/18/460/, 2017
6. SySS Security Advisory SYSS-2017-027, Matthias Deeg and Philipp Buchegger,
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2017-027.txt, 2017
7. SySS Proof-of-Concept Video, Windows Hello Face Authentication Bypass PoC, Matthias Deeg,
https://www.youtube.com/watch?v=Qq8WqLxSkGs, 2017
October 13, 2018 Matthias Deeg | Hacktivity 2018 43
44. References
8. SySS Proof-of-Concept Video, Windows Hello Face Authentication Bypass PoC II, Matthias Deeg,
https://www.youtube.com/watch?v=GVKKcoOZHwk, 2017
9. SySS Proof-of-Concept Video, Windows Hello Face Authentication Bypass PoC III, Matthias Deeg,
https://www.youtube.com/watch?v=cayqU3WCOso, 2017
10. Your face is NOT your password, Nguyen Minh Duc and Bui Quang Minh,
https://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-
password-slides.pdf, 2009
11. Ich sehe, also bin ich ... Du, Jan Krissler (starbug), https://media.ccc.de/v/31c3_-_6450_-_de_-
_saal_1_-_201412272030_-_ich_sehe_also_bin_ich_du_-_starbug, 2014
12. Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos, Yi Xu,
True Price, Jan-Michael Frahm, and Fabian Monrose,
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_xu.pdf, 2016
October 13, 2018 Matthias Deeg | Hacktivity 2018 44
45. References
13. Hacking Galaxy S8 Iris Recognition by Jan Krissler (starbug), https://media.ccc.de/v/biometrie-s8-iris-en,
2017
14. Bkav’s new mask beats Face ID in 'twin way', Bkav, http://www.bkav.com/d/top-news/-
/view_content/content/103968/bkav%92s-new-mask-beats-face-id-in-twin-way-severity-level-raised-
do-not-use-face-id-in-business-transactions, 2017
15. Kinect V2, Windows Hello and Perception APIs, Mike Taulty, https://mtaulty.com/2015/12/03/m_15988/,
2015
16. PerceptionSamples, kaorun55, https://github.com/kaorun55/PerceptionSamples, 2015
17. SySS Biometricks GitHub Repository, SySS GmbH, https://github.com/SySS-Research/biometricks, 2018
October 13, 2018 Matthias Deeg | Hacktivity 2018 45
46. Thank you very much ...
October 13, 2018 Matthias Deeg | Hacktivity 2018 46
… for your attention.
Do you have any questions?
E-mail: matthias.deeg@syss.de
PGP Fingerprint: D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
