The future is here! Adding "AI" to the device description will surely increase its price. But what about security? We looked at three biometric authentication systems equipped with machine-learning features. How much ML and security are actually there? What new threats does the "AI" buzzword on the box bring? Is there any difference between $100 and $1,000 devices? One of the collateral AI risks we were hunting for is data privacy. And yes, we confirmed the emerging threat to customer data within these and similar devices. To actually try and hack ML engines, we had to use various creative techniques to bypass liveness checks and automate our ML attacks. One of these attacks aimed to create and print a "universal synthetic face" that could bypass authentication mechanisms. This presentation will be a source of inspiration for ML hackers, physical pentesters, appsec, hardware security engineers, and, of course, futurists writing about emerging technologies and threats.
Introduction to Android and Android StudioSuyash Srijan
This is a presentation that I gave at Google Developer Group Oxford to introduce people to Android development and Android Studio IDE, which is used to build Android apps. This presentation gives a brief overview of the platform and fundamentals of the app and what developer tools are available.
PS: Some slides do not have any text accompanying it. That is either because it wasn't relevant or because the text would've been too long to put on the corresponding slide.
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...Edureka!
(** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **)
This ‘Parrot Security OS’ PPT by Edureka will help you learn all about one of the topmost Linux distribution for ethical hacking – Parrot Security OS.
Below is the list of topics covered in this session:
Linux Distributions for Ethical Hacking
Parrot Security OS
Kali Linux vs Parrot Security OS
How to install Parrot Security?
Parrot Security OS Tools
Cyber Security Playlist: https://bit.ly/2N2jlNN
Cyber Security Blog Series: https://bit.ly/2AuULkP
Instagram: https://www.instagram.com/edureka_lea...
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Just created a slideshare presentation giving a basic introduction to the Confidentiality, Integrity & Availability (CIA) Security Model. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
Network traffic analysis with cyber securityKAMALI PRIYA P
We are students from SRM University pursuing B.TECH in Computer Science Department. We took a small initiative to make a PPT about how network traffic can be analyzed through Cyber Security. We have also mentioned the known network analyzers and future scope for network traffic analysis with cyber security.
INTRODUCTION TO COMPUTER FORENSICS
Introduction to Traditional Computer Crime, Traditional problems associated with Computer Crime. Introduction to Identity Theft & Identity Fraud. Types of CF techniques – Incident and incident response methodology – Forensic duplication and investigation. Preparation for IR: Creating response tool kit and IR team. – Forensics Technology and Systems – Understanding Computer Investigation – Data Acquisition.
UNIT-II Initial Response and forensic duplication, Initial Response & Volatile Data Collection from Windows system -Initial Response & Volatile Data Collection from Unix system – Forensic Duplication: Forensic duplication: Forensic Duplicates as Admissible Evidence, Forensic Duplication Tool Requirements, Creating a Forensic. Duplicate/Qualified Forensic Duplicate of a Hard Drive
Forensic science is a scientific method of gathering and examining information about the past which is then used in the court of law. Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.
It has all details related to cyber security information hiding.It mainly focuses on steganography and its major details.The ppt also shows is applications.
Technology that identifies you based on your physical or behavioral traits- for added security to confirm that you are who you claim to be.(this ppt is very dear to me as i have given a talk on this topic twice. this also fetched me and migmar first prize at deen dayal upadhyay college- converging vectors - an inter college presentation competition organized by arya bhata science forum)
Introduction to Android and Android StudioSuyash Srijan
This is a presentation that I gave at Google Developer Group Oxford to introduce people to Android development and Android Studio IDE, which is used to build Android apps. This presentation gives a brief overview of the platform and fundamentals of the app and what developer tools are available.
PS: Some slides do not have any text accompanying it. That is either because it wasn't relevant or because the text would've been too long to put on the corresponding slide.
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...Edureka!
(** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **)
This ‘Parrot Security OS’ PPT by Edureka will help you learn all about one of the topmost Linux distribution for ethical hacking – Parrot Security OS.
Below is the list of topics covered in this session:
Linux Distributions for Ethical Hacking
Parrot Security OS
Kali Linux vs Parrot Security OS
How to install Parrot Security?
Parrot Security OS Tools
Cyber Security Playlist: https://bit.ly/2N2jlNN
Cyber Security Blog Series: https://bit.ly/2AuULkP
Instagram: https://www.instagram.com/edureka_lea...
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Just created a slideshare presentation giving a basic introduction to the Confidentiality, Integrity & Availability (CIA) Security Model. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
Network traffic analysis with cyber securityKAMALI PRIYA P
We are students from SRM University pursuing B.TECH in Computer Science Department. We took a small initiative to make a PPT about how network traffic can be analyzed through Cyber Security. We have also mentioned the known network analyzers and future scope for network traffic analysis with cyber security.
INTRODUCTION TO COMPUTER FORENSICS
Introduction to Traditional Computer Crime, Traditional problems associated with Computer Crime. Introduction to Identity Theft & Identity Fraud. Types of CF techniques – Incident and incident response methodology – Forensic duplication and investigation. Preparation for IR: Creating response tool kit and IR team. – Forensics Technology and Systems – Understanding Computer Investigation – Data Acquisition.
UNIT-II Initial Response and forensic duplication, Initial Response & Volatile Data Collection from Windows system -Initial Response & Volatile Data Collection from Unix system – Forensic Duplication: Forensic duplication: Forensic Duplicates as Admissible Evidence, Forensic Duplication Tool Requirements, Creating a Forensic. Duplicate/Qualified Forensic Duplicate of a Hard Drive
Forensic science is a scientific method of gathering and examining information about the past which is then used in the court of law. Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.
It has all details related to cyber security information hiding.It mainly focuses on steganography and its major details.The ppt also shows is applications.
Technology that identifies you based on your physical or behavioral traits- for added security to confirm that you are who you claim to be.(this ppt is very dear to me as i have given a talk on this topic twice. this also fetched me and migmar first prize at deen dayal upadhyay college- converging vectors - an inter college presentation competition organized by arya bhata science forum)
International Journal of Engineering and Science Invention (IJESI)inventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
Scale Invariant Feature Transform Based Face Recognition from a Single Sample...ijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
The information age is quickly revolutionizing the way transactions are completed. Everyday actions are increasingly being handled electronically, instead of with pencil and paper or face to face. This growth in electronic transactions has resulted in a greater demand for fast and accurate user identification and authentication. Access codes for buildings, banks accounts and computer systems often use PIN's for identification and security clearences. Using the proper PIN gains access, but the user of the PIN is not verified. When credit and ATM cards are lost or stolen, an unauthorized user can often come up with the correct personal codes. Despite warning, many people continue to choose easily guessed PINâ„¢s and passwords: birthdays, phone numbers and social security numbers. Recent cases of identity theft have highten the need for methods to prove that someone is truly who he/she claims to be. Face recognition technology may solve this problem since a face is undeniably connected to its owner expect in the case of identical twins. Its nontransferable. The system can then compare scans to records stored in a central or local database
Similar to Unlocking Any Door In The 21st Century. Immersion In Biometric Security. (20)
We interact with payments every day. Yet how many of us actually know how they work? Join us to learn about payments and techniques for spotting vulnerabilities in them.
This is a "payments 101" training course covering vulnerability research in payments and related issues and attacks.
The main goal of this course is to break the status quo of payment insecurity. We help our audience to gain a better understanding to:
Find vulnerabilities in payment systems while staying within the law
Obtain necessary skills and equipment - Learn from the best in the industry—and leave with your wallet a little lighter.
Payment technologies are an integral part of our lives, yet few of us know much about them. What payment security consists of? What careers options it can bring to the table? What exiting security research hackers had come up in the last decade and how can you fit into that? We are not promising to answer all your questions, but we will try to help you with the first steps and give guidelines to move forward.
NO1 Uk Amil Baba In Lahore Kala Jadu In Lahore Best Amil In Lahore Amil In La...Amil baba
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
MATHEMATICS BRIDGE COURSE (TEN DAYS PLANNER) (FOR CLASS XI STUDENTS GOING TO ...PinkySharma900491
Class khatm kaam kaam karne kk kabhi uske kk innings evening karni nnod ennu Tak add djdhejs a Nissan s isme sniff kaam GCC bagg GB g ghan HD smart karmathtaa Niven ken many bhej kaam karne Nissan kaam kaam Karo kaam lal mam cell pal xoxo
MATHEMATICS BRIDGE COURSE (TEN DAYS PLANNER) (FOR CLASS XI STUDENTS GOING TO ...
Unlocking Any Door In The 21st Century. Immersion In Biometric Security.
1. Unlocking any door in the 21st century
Immersion in biometric security
1
Timur Yunusov & Alexandra Murzina
2. Who we are
● ex A-Team Cyber R&D Lab
● Head of research
● Senior ML security expert
2
3. Outline
● Current state of AI/ML in biometrics
● ML attacks landscape
● Attacking devices
○ Device 1 - undisclosed
○ Device 2 - ZKTeco
○ Device 3 - Eufy
● Conclusions
● Security Checklist
3
4. United States:
State-specific biometric laws, e.g., BIPA in Illinois and CCPA in California.
FBI uses biometrics for law enforcement and border control.
China:
Extensive government use of biometrics for surveillance and security.
Requirement to store critical data, including biometrics, within the
country.
India:
Aadhaar Act regulates biometric data collected under Aadhaar
program.
Proposed Data Privacy Bill aims for comprehensive data protection.
European Union (EU):
GDPR regulates biometric data with explicit consent and stringent
protection.
United Arab Emirates (UAE):
DIFC's data protection law covers biometric data.
Government uses biometrics extensively for security and services.
Japan:
APPI regulates personal data, including biometrics, with consent and
protection.
Legislation
United Kingdom:
Data Protection Act regulates personal data processing, including
biometrics.
Independent oversight of law enforcement biometric use by Biometrics
Commissioner.
South Korea:
PIPA considers biometric data "sensitive," requiring consent and
protection.
Regulations allow biometric authentication in financial transactions.
Brazil:
LGPD regulates personal data processing, including biometrics, with
consent and protection.
Requires security measures and impact assessments.
South Africa:
POPIA regulates personal data processing, including biometrics, with
consent and protection.
Russia:
Personal Data Law mandates consent for biometric processing.
Federal Law regulates fingerprinting.
Unified Biometric System enables bank identification.
Government uses biometrics for security and law enforcement.
4
8. Physical Biometric
Modalities
Fingerprint Recognition
Face Recognition
Iris Recognition
Retina Recognition
Hand Geometry
Vein Recognition
Ear Recognition
DNA Biometrics
Behavioral Biometric
Modalities
Voice Recognition
Signature Recognition
Keystroke Dynamics
Gait Recognition
Mouse Dynamics
Early Methods, Eigenfaces
initially, manual analysis of facial features in photos measured distances and angles between
landmarks like eyes and nose. Automated face recognition began in the late 1980s with Eigenfaces,
using PCA to extract features from grayscale images, representing faces as weighted "eigenfaces."
Local Feature Methods
techniques like LBP and Gabor wavelets focused on specific face regions, capturing texture and
local changes.
2D and 3D Face Models
2D and 3D face models accounted for pose and expression variations, with 3D models providing
depth information.
8
9. Physical Biometric
Modalities
Fingerprint Recognition
Face Recognition
Iris Recognition
Retina Recognition
Hand Geometry
Vein Recognition
Ear Recognition
DNA Biometrics
Behavioral Biometric
Modalities
Voice Recognition
Signature Recognition
Keystroke Dynamics
Gait Recognition
Mouse Dynamics
Early Methods, Eigenfaces
initially, manual analysis of facial features in photos measured distances and angles between
landmarks like eyes and nose. Automated face recognition began in the late 1980s with Eigenfaces,
using PCA to extract features from grayscale images, representing faces as weighted "eigenfaces."
Local Feature Methods
techniques like LBP and Gabor wavelets focused on specific face regions, capturing texture and
local changes.
2D and 3D Face Models
2D and 3D face models accounted for pose and expression variations, with 3D models providing
depth information.
Machine Learning and Deep Learning
machine learning and deep learning techniques, like SVMs and CNNs, automatically learned and
extracted facial features from large datasets, enhancing recognition accuracy and robustness.
9
10. Physical Biometric
Modalities
Fingerprint Recognition
Face Recognition
Iris Recognition
Retina Recognition
Hand Geometry
Vein Recognition
Ear Recognition
DNA Biometrics
Behavioral Biometric
Modalities
Voice Recognition
Signature Recognition
Keystroke Dynamics
Gait Recognition
Mouse Dynamics
Early Methods, Eigenfaces
initially, manual analysis of facial features in photos measured distances and angles between
landmarks like eyes and nose. Automated face recognition began in the late 1980s with Eigenfaces,
using PCA to extract features from grayscale images, representing faces as weighted "eigenfaces."
Local Feature Methods
techniques like LBP and Gabor wavelets focused on specific face regions, capturing texture and
local changes.
2D and 3D Face Models
2D and 3D face models accounted for pose and expression variations, with 3D models providing
depth information.
Machine Learning and Deep Learning
machine learning and deep learning techniques, like SVMs and CNNs, automatically learned and
extracted facial features from large datasets, enhancing recognition accuracy and robustness.
Depth Sensing and Infrared Cameras
Modern systems use depth sensing and infrared cameras to capture facial information in
challenging lighting or obscured faces, enabling accurate recognition and spoof detection.
Multi-modal and Fusion Methods
Combining multiple biometric modalities, such as face and voice or fusing 2D and 3D data, has
enhanced recognition performance.
Emotion Recognition and Liveness Detection
Recent advancements include emotion recognition from facial expressions and liveness detection
to verify the subject's presence.
10
11. Physical Biometric
Modalities
Fingerprint Recognition
Face Recognition
Iris Recognition
Retina Recognition
Hand Geometry
Vein Recognition
Ear Recognition
DNA Biometrics
Behavioral Biometric
Modalities
Voice Recognition
Signature Recognition
Keystroke Dynamics
Gait Recognition
Mouse Dynamics
Face Detection
algorithms like Haar cascades or SSD locate and isolate faces in
images or video streams.
Face Alignment
detected faces are transformed into a standard format by
rotating, scaling, and translating them for uniformity.
Feature Extraction
machine learning models, such as CNNs, extract unique facial
features and create a face embedding or feature vector.
Face Matching
extracted features are compared with stored feature vectors
using distance metrics like Euclidean or cosine distance.
Systems identify the closest match or verify if the face matches
a specific representation.
Decision Making
the system determines whether to accept or reject
identification or verification based on matching results,
sometimes providing a confidence score or probability.
11
12. Physical Biometric
Modalities
Fingerprint Recognition
Face Recognition
Iris Recognition
Retina Recognition
Hand Geometry
Vein Recognition
Ear Recognition
DNA Biometrics
Behavioral Biometric
Modalities
Voice Recognition
Signature Recognition
Keystroke Dynamics
Gait Recognition
Mouse Dynamics
Face Detection
algorithms like Haar cascades or SSD locate and isolate faces in
images or video streams.
Face Alignment
detected faces are transformed into a standard format by
rotating, scaling, and translating them for uniformity.
Feature Extraction
machine learning models, such as CNNs, extract unique facial
features and create a face embedding or feature vector.
Face Matching
extracted features are compared with stored feature vectors
using distance metrics like Euclidean or cosine distance.
Systems identify the closest match or verify if the face matches
a specific representation.
Decision Making
the system determines whether to accept or reject
identification or verification based on matching results,
sometimes providing a confidence score or probability.
12
13. Physical Biometric
Modalities
Fingerprint Recognition
Face Recognition
Iris Recognition
Retina Recognition
Hand Geometry
Vein Recognition
Ear Recognition
DNA Biometrics
Behavioral Biometric
Modalities
Voice Recognition
Signature Recognition
Keystroke Dynamics
Gait Recognition
Mouse Dynamics
Face Detection
algorithms like Haar cascades or SSD locate and isolate faces in
images or video streams.
Face Alignment
detected faces are transformed into a standard format by
rotating, scaling, and translating them for uniformity.
Feature Extraction
machine learning models, such as CNNs, extract unique facial
features and create a face embedding or feature vector.
Face Matching
extracted features are compared with stored feature vectors
using distance metrics like Euclidean or cosine distance.
Systems identify the closest match or verify if the face matches
a specific representation.
Decision Making
the system determines whether to accept or reject
identification or verification based on matching results,
sometimes providing a confidence score or probability.
13
14. Physical Biometric
Modalities
Fingerprint Recognition
Face Recognition
Iris Recognition
Retina Recognition
Hand Geometry
Vein Recognition
Ear Recognition
DNA Biometrics
Behavioral Biometric
Modalities
Voice Recognition
Signature Recognition
Keystroke Dynamics
Gait Recognition
Mouse Dynamics
Face Detection
algorithms like Haar cascades or SSD locate and isolate faces in
images or video streams.
Face Alignment
detected faces are transformed into a standard format by
rotating, scaling, and translating them for uniformity.
Feature Extraction
machine learning models, such as CNNs, extract unique facial
features and create a face embedding or feature vector.
Face Matching
extracted features are compared with stored feature vectors
using distance metrics like Euclidean or cosine distance.
Systems identify the closest match or verify if the face matches
a specific representation.
Decision Making
the system determines whether to accept or reject
identification or verification based on matching results,
sometimes providing a confidence score or probability.
14
15. Physical Biometric
Modalities
Fingerprint Recognition
Face Recognition
Iris Recognition
Retina Recognition
Hand Geometry
Vein Recognition
Ear Recognition
DNA Biometrics
Behavioral Biometric
Modalities
Voice Recognition
Signature Recognition
Keystroke Dynamics
Gait Recognition
Mouse Dynamics
Face Detection
algorithms like Haar cascades or SSD locate and isolate faces in
images or video streams.
Face Alignment
detected faces are transformed into a standard format by
rotating, scaling, and translating them for uniformity.
Feature Extraction
machine learning models, such as CNNs, extract unique facial
features and create a face embedding or feature vector.
Face Matching
extracted features are compared with stored feature vectors
using distance metrics like Euclidean or cosine distance.
Systems identify the closest match or verify if the face matches
a specific representation.
Decision Making
the system determines whether to accept or reject
identification or verification based on matching results,
sometimes providing a confidence score or probability.
15
17. ML attacks landscape v1
AI App Security Risk
Model
Security
• Adversarial ML
• Model
Backdoor
• Model Theft
Implementation
Security
• Sensor Security
• Flaws in Framework
• Logical Flaws
Data Integrity
Security
• Data Poisoning
• Scaling Attack
• Risk over Network
https://tinyurl.com/4fh7j3ky
17
18. https://tinyurl.com/339uetbz
18
AI Attacks
Promt
injection
Training
attacks
AI Agents Tools Storage Models
# alter agent routing
# send commands to
undefined systems
# execute arbitrary
commands on backend
business systems
# pass through injection on
connected tool systems
# code execution on agent
system
# attack embedding
databases
# extract sensitive data
# modify embedding data
resulting in tampered model
results
# bypass model protections
# force model to exhibit bias
# extraction of other users' and/or
backend data
# force model to exhibit intolerant
behavior
# poison other users' results
# disrupt model trust/reliability
#access unpublished models
# introduce bias into
the model
# disrupt model
trust/reliability
ML attacks landscape v2
19. Biometric attacks landscape
19
Data
acquisition
Feature
Extraction
Face Matching Decision
Data Storage
Attack on the
sensor by biometric
presentation type
Sample
replacement
Attack
on the signal
processor
Pattern
replacement
Attack on the
comparison
algorithm
Value
replacement
Decision
replacement
Replacement of
sample (pattern)
Replacement of link
to sample
Biometrics
attack
Infrastructure attacks
22. Device #1
1) The customer bought an expensive B2B device
which we audited in their work environment
2) Typically, multiple devices are ordered for the
project:
one — for physical hacking, the second — for
logical and testing, the third is a backup
3) The result of the physical audit. Categories of
cameras in systems and in our system. The reason
for using depth cameras
22
24. Assumption #1
How does it work?
1) Detecting a face in
the frame.
2) Checking Liveness
with the depth
camera.
3) Capture the face from
the visible range
camera.
4) Pre-processing.
5) DNN
6) Comparison with the
database using
threshold 2500
depth camera 2 x visible
light camera
24
25. Assumption #1
How does it work?
1) Detecting a face in
the frame.
2) Checking Liveness
with the depth
camera.
3) Capture the face
from the visible
range camera.
4) Pre-processing.
5) DNN
6) Comparison with the
database using
threshold 2500
25
26. What if there are multiple faces in the
frame?
The larger head is the one being analyzed.
Assumption #2 | Multiple faces
26
27. Assumption #3 | universal face?
You need to pass 2500 threshold to get access.
Hypothesis — It is possible to authenticate
without having a photo of the reference user.
Create a generated face and present it to the
system via a spoofed channel.
27
28. 28
Assumption #3 | universal face?
Variational
Autoencoder
CelebA Dataset
Face Super-
Resolution
model
score > 2500 ?
digital physical
NO YES
29. Results #1
● The study unveils inadequate utilization of depth
camera data by the vendor.
● This deficiency may stem from hardware limitations,
potentially rendering the system more vulnerable to
attacks. Deep learning models do not interact with
depth maps in any way.
● Incorporating depth data in the training process
could enhance system reliability.
● However, it may also introduce complexities in the
preparation of training datasets.
29
30. Device #2 (ZKTeco)
1) Time tracking terminal
2) No CUDA
3) ML algorithms from 2010
30
32. How it works
32
Biometrical algorithms:
1) Gabor Filters https://t.co/CBFKums9TO
2) Local Binary Pattern https://t.co/OxYFkTZTP0
Gabor filter
Local binary pattern
As seen by the infrared
light camera
35. LED lamp inspiration
35
LED lamps emit a lot of their
energy in the form of
infrared light
printing a photo on transparent film
shining an
incandescent light
through it
36. Results #2
● We discovered logical vulnerabilities in the terminal,
enabling a more detailed examination of its
functioning.
● One notable attempt involved creating a unique
single-frame screen displayed on transparent film
and illuminated with infrared light
● Unfortunately, the terminal exhibited high sensitivity
to specific changes. For instance, it identified the
same user differently when wearing or not wearing
glasses, treating them as distinct individuals.
● Nevertheless, the combination of technologies,
including Gabor filters, local binary patterns, and an
infrared camera, provides a solid defense against
potential attacks
36
37. Device #3 (Eufy)
Smart doorbells become the part of everyone’s life
Vendors add “AI” to the device
Now the product is more complex
Is it more secure now?
37
38. Overview ● The Smart Doorbell is a high-tech home security device.
It offers HD video, two-way audio, motion detection, and
local storage (c)
● It's privacy-focused with robust encryption and
integrates with other devices (c)
38
39. Issue #1: Man-in-the-middle attack
Device checks for firmware
updates every time it boots
There’s no SSL pinning
Firmware is “signed” with MD5
39
40. Issue #2: Military grade encryption
● All videos are stored on a 4GB “smart
hub”
● There’s AES-128 encryption
● Key is generate using srand() PRNG
● Seed is time()
● 30s to find the key and decrypt the
videos
40
41. Issue #3: Authorisation bypass
Every snapshot is
uploaded to AWS
Server generates AWS
signature for
uploading/downloading
41
42. Issue #3: Authorisation bypass
Every snapshot is uploaded to AWS
Server generates AWS signature for
uploading/downloading
Path traversal in link signature generation
Any snapshot of any eufy user is available
42
43. Issue #4: Unlocked USB-OTG
Direct physical access to shell
Access to firmware binaries
model.bin.tar
43
44. Overview
● The Smart Doorbell is a high-tech home security device.
It offers HD video, two-way audio, motion detection, and
local storage (c)
● It's privacy-focused with robust encryption and
integrates with other devices (c)
● You can choose between battery or wired installation,
and it's weather-resistant. Control it via a user-friendly
app for remote monitoring and alerts (c)
44
45. Overview
● The Smart Doorbell is a high-tech home security device.
It offers HD video, two-way audio, motion detection, and
local storage (c)
● It's privacy-focused with robust encryption and
integrates with other devices (c)
● You can choose between battery or wired installation,
and it's weather-resistant. Control it via a user-friendly
app for remote monitoring and alerts (c)
45
49. Lessons learned
Newer, better, more secure - False
More advanced ML - more resilient algorithms - False
Cheaper devices - less security - False
49
50. Checklist
50
Hardware/Software
- Enumerate interfaces
- ethernet
- USB, serial and debugging ports
- mics and cameras
- Investigate available cameras
- infra-red, depth camera, etc
- Firmware
- Download the FW from public or using MiTM
- Open a device and extract the FW from a chip
- Get information about the vendor
- Can the models and algorithms be extracted
- Where and how images/videos are stored and processed (cloud or on-prem)
- Assess the infrastructure and public libs
Data privacy & Model robustness (Grey Box)
- Errors in the recognition pipeline
- Adversarial attacks
- deepfakes
- universal faces
- similar faces
- Liveness checks
Data integrity & Model confidentiality tests (Black Box)
- Interfering with sensors
- With light
- By the channel interference
- Spoofing
- Determine crucial elements on a face by overlapping parts
- Can we use a digital face instead, e.g., a large LCD
- DDoS by presenting a large number of faces
- Applying patches and masks
- Data stealing
- Targeted and untargeted attacks