In-depth analysis of face recognition bypass problems and solutions

On the security of face recognition I wrote an earlier article, Detailed explanation of the industry chain behind AI face-changing: in the future, the "fairy sister" on your screen may have someone else behind her...

We won't dwell on the harm caused by face recognition fraud; the news is full of it. A case of someone being defrauded of 4.3 million yuan in 10 minutes made Zhihu's hot search list!

Today we focus on how black and gray market operators bypass face recognition, and how companies, especially in the financial industry, can defend against them.

1. Analysis of black and gray market attack methods

01 Upgraded attack methods

First, understand that the black and gray market is a complete industry chain. Take the relatively simple chain behind "wool pulling" (bulk abuse of promotions and coupons) as an example:

image.png

In the financial industry the chain is hidden deeper and is more complex, and its members sell attack tools and tutorials. In face recognition attacks they have upgraded from editing face data to the device + program dimension.

Face data editing:

image.png

Device + program dimension:

image.png

In other words, the black and gray market has upgraded its weapons. (We need to stay vigilant!)

02 Attack positions

Face recognition attacks mainly target two positions:

Position 1: Hijacking the camera. The core idea is to attach a side channel to the app that the app owner does not control. This side channel makes the app receive face data the attacker prepared in advance, instead of the data captured by the camera the system actually opened.

Position 2: Hijacking the face recognition result interface. The core idea is to skip the recognition step entirely and forge the server's response in its place, so the client believes verification has passed.
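The defense against Position 2 is to make the client's copy of the result irrelevant: the business backend must take the verdict from the face-verification service, not from the app, and the verdict must be bound to one session. The following is an added example, not code from the original article or from any vendor's product, showing how such a verdict can be authenticated with an HMAC and a one-time session nonce. SERVICE_KEY, the field names, the session id and the nonce are assumptions made up for the example.

```python
import hashlib
import hmac
import json

# Hypothetical key shared by the face-verification service and the business backend.
# It never ships inside the app, so a hooked client cannot mint a valid signature.
SERVICE_KEY = b"example-only-shared-secret"


def canonical(body):
    # Deterministic serialization so issuer and verifier sign identical bytes
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_verdict(session_id, nonce, passed, issued_at, key=SERVICE_KEY):
    """Face-verification service side: emit a verdict bound to one session nonce."""
    body = {"session_id": session_id, "nonce": nonce, "passed": passed, "issued_at": issued_at}
    return {**body, "sig": hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}


def verify_verdict(token, now, issued_nonces, key=SERVICE_KEY, max_age=60):
    """Business backend side. Returns (accepted, reason).

    issued_nonces maps session_id -> nonce handed out when the backend started the
    face check; the nonce is consumed on first authenticated use so a verdict cannot
    be replayed. The 'passed' field is consulted only after signature, session
    binding and freshness all hold.
    """
    body = {k: v for k, v in token.items() if k != "sig"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(token.get("sig", ""))):
        return False, "bad signature"
    sid = body.get("session_id")
    if issued_nonces.get(sid) != body.get("nonce"):
        return False, "nonce not issued for this session"
    if now - body["issued_at"] > max_age:
        return False, "stale verdict"
    issued_nonces.pop(sid)  # one-time use: a second presentation is a replay
    if body["passed"] is not True:
        return False, "face verification failed"
    return True, "ok"


if __name__ == "__main__":
    nonces = {"sess-1001": "b4b1c9e2"}  # constructed: issued when the session started
    failed = sign_verdict("sess-1001", "b4b1c9e2", False, issued_at=1000)
    flipped = {**failed, "passed": True}  # attacker rewrites the result in transit
    print(verify_verdict(flipped, now=1010, issued_nonces=nonces))
    genuine = sign_verdict("sess-1001", "b4b1c9e2", True, issued_at=1000)
    print(verify_verdict(genuine, now=1010, issued_nonces=nonces))
    print(verify_verdict(genuine, now=1011, issued_nonces=nonces))  # replay
```

With this arrangement a hook that rewrites the response the app sees changes nothing, because the app's view of the result is never the authority: the backend either receives the signed verdict directly from the service or validates it as above before releasing the transaction.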

We won't go into too much detail here (for fear that someone might learn from it); here is a brief outline of the "camera hijacking" process:

Start → Prepare attack device and face data → Analyze target program → Obtain device privileges → Install attack framework → Hijack camera → Feed prepared data

In the preparation phase the attackers obtain an attack device and face data (a batch of face data can now be bought for about 2 yuan) and analyze the target program (jadx is the usual tool for decompiling the target app).

Next they obtain privileges on the device and install the attack framework. Finally they hijack the camera and feed the prepared face data into it.

Of course, the black and gray market has many other attack methods, but nearly all of them require face data prepared in advance (recorded or purchased), so if each of us protects our own face data, criminals have that much less to work with.

2. Face recognition solution

The current mainstream facial recognition solution architecture is generally as follows:

image.png

The idea behind the whole solution is to combine threat probes, stream computing and machine learning into an active defense platform that covers device risk analysis, operation-level attack identification, abnormal behavior detection, early warning and response. What matters most is: perceiving threats in the face recognition scenario, identifying and handling them, and immediately blocking known threats.

01 Risk perception and defense capabilities

Whether the app has been injected, and whether its signature, package name and so on are intact, is generally detected through the following two strategies:

Face-scan risk strategy: detects the application function hijacking attack, in which key function calls inside the app are hooked so that, after liveness detection completes, the captured photo is swapped for the attacker's chosen photo before the data packet is sent;

Repackaging identification strategy: the policy records the app's expected package name, signature and size, and compares the running app against them to determine whether it has been repackaged.

02 Equipment risk information

The device portrait, built from historical data and correlation analysis, shows all historical requests from the current device, the risk tags it has triggered, its frequent login locations, associated IPs, and so on.
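As an added example of how such a portrait is assembled (not code from the original article or any vendor's product), the block below aggregates a constructed request log per device and correlates devices through shared client IPs. The log format, the field names, the account threshold and all sample values are assumptions made up for this example.

```python
from collections import Counter, defaultdict

# Constructed sample of a face-verification request log (not real data).
# Columns: timestamp, device_id, account, client IP, login city, risk tag ("-" when none fired)
SAMPLE_LOG = """\
2023-07-01T09:12:03 dev-a1 acct-101 203.0.113.7 Shanghai -
2023-07-01T09:14:48 dev-a1 acct-102 203.0.113.7 Shanghai camera_hijacking
2023-07-01T09:20:11 dev-a1 acct-103 198.51.100.3 Shanghai -
2023-07-02T11:02:30 dev-a1 acct-104 203.0.113.7 Shenzhen repackaging
2023-07-02T08:01:00 dev-b7 acct-205 192.0.2.44 Beijing -
2023-07-03T08:05:12 dev-b7 acct-205 192.0.2.44 Beijing -
2023-07-03T09:30:00 dev-c3 acct-301 203.0.113.7 Shanghai -
"""

FIELDS = ("ts", "device", "account", "ip", "city", "risk_tag")


def parse_log(text):
    """Turn the whitespace-separated log into a list of dicts; '-' means no risk tag."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(zip(FIELDS, line.split()))
        if rec["risk_tag"] == "-":
            rec["risk_tag"] = None
        records.append(rec)
    return records


def build_portraits(records, max_accounts_per_device=2):
    """Aggregate per-device history and link devices that share a client IP."""
    by_device = defaultdict(list)
    ip_to_devices = defaultdict(set)
    for r in records:
        by_device[r["device"]].append(r)
        ip_to_devices[r["ip"]].add(r["device"])

    portraits = {}
    for dev, recs in by_device.items():
        accounts = sorted({r["account"] for r in recs})
        ips = sorted({r["ip"] for r in recs})
        tags = Counter(r["risk_tag"] for r in recs if r["risk_tag"])
        related = sorted({d for ip in ips for d in ip_to_devices[ip]} - {dev})
        flags = []
        if len(accounts) > max_accounts_per_device:
            flags.append("multi_account_device")  # one handset cycling through accounts
        if tags:
            flags.append("prior_risk_tags")
        portraits[dev] = {
            "requests": len(recs),
            "accounts": accounts,
            "ips": ips,
            "frequent_city": Counter(r["city"] for r in recs).most_common(1)[0][0],
            "risk_tags": dict(tags),
            "related_devices": related,
            "flags": flags,
        }
    return portraits


if __name__ == "__main__":
    for dev, portrait in build_portraits(parse_log(SAMPLE_LOG)).items():
        print(dev, portrait)
```

The related_devices field is the simplest form of the correlation the text mentions: dev-c3 has no risk history of its own, but it shares an IP with a device that has already been tagged, which is the kind of association a reviewer wants surfaced before approving a transaction.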

image.png

03 Actively block risks

Terminal response: handle the risk on the client as soon as it is detected. This is suitable for high-level risks or core operations.

Business response: in combination with the business and risk control systems, the risks discovered by the terminal and the matching policy results are passed to the business/risk control system, which then takes actions such as manual processing or blacklisting within the business flow.

For example:

Once repackaging is detected, the terminal can exit the app and interrupt the flow, while the business side interrupts the transaction and adds the device to the blacklist;

If camera hijacking is detected, the terminal can exit the app, alert the user and interrupt the flow, while the business side interrupts the transaction, blacklists the device and sends the event to manual review.

Different response methods can be selected on the terminal and business side for different scenarios.
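To make sections 01 and 03 concrete, here is an added example (not the article's own code nor any vendor's) that runs the two detection strategies over a client probe report and then applies the terminal/business response table described above. The expected app fingerprint, the hook-library name heuristic, the report format and the sample /proc/self/maps lines are all constructed for this example; a real probe would read the signing certificate from PackageManager and the loaded libraries from /proc/self/maps on the device itself.

```python
import hashlib
import re

# Constructed fingerprint of the genuine app, as the repackaging policy would configure it.
EXPECTED_APP = {
    "package": "com.example.bank",
    "signer_sha256": hashlib.sha256(b"genuine signing certificate").hexdigest(),
    "apk_size": 48_213_004,
}

# Library names that betray a hooking framework. Constructed heuristic, not exhaustive.
HOOK_LIBRARY_RE = re.compile(r"frida|xposed|substrate|riru|lsposed", re.IGNORECASE)

# Response table from the article's two examples: risk tag -> actions per side.
RESPONSE_POLICY = {
    "repackaging": {
        "terminal": ["exit_app", "interrupt_flow"],
        "business": ["interrupt_transaction", "blacklist"],
    },
    "camera_hijacking": {
        "terminal": ["exit_app", "prompt_user", "interrupt_flow"],
        "business": ["interrupt_transaction", "blacklist", "manual_review"],
    },
}


def check_repackaging(report, expected=EXPECTED_APP):
    """Return the fingerprint fields that differ from the configured genuine app."""
    return [k for k in ("package", "signer_sha256", "apk_size") if report[k] != expected[k]]


def find_hook_libraries(maps_text):
    """Scan /proc/self/maps-style lines and return mapped paths that look like hooking frameworks."""
    hits = []
    for line in maps_text.splitlines():
        parts = line.split()
        # Anonymous mappings have only 5 fields; the 6th is the backing file path
        if len(parts) >= 6 and HOOK_LIBRARY_RE.search(parts[-1]):
            hits.append(parts[-1])
    return hits


def assess(report):
    """Produce risk tags (tag -> evidence) for one probe report built by the app."""
    tags = {}
    mismatched = check_repackaging(report)
    if mismatched:
        tags["repackaging"] = mismatched
    hooks = find_hook_libraries(report["maps"])
    # Assumption for this example: a hooking framework present during a face-scan
    # session is treated as a camera-hijacking risk, since that is how frames are swapped.
    if hooks and report.get("in_face_scan"):
        tags["camera_hijacking"] = hooks
    return tags


def decide(tags, policy=RESPONSE_POLICY):
    """Merge the response actions of every tag that fired, per side, keeping first-seen order."""
    decision = {"terminal": [], "business": []}
    for tag in tags:
        for side, actions in policy.get(tag, {}).items():
            for action in actions:
                if action not in decision[side]:
                    decision[side].append(action)
    return decision


# Constructed /proc/self/maps excerpts for the sample reports
GENUINE_MAPS = (
    "7f0a000000-7f0a1c0000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so\n"
    "7f0b000000-7f0b040000 r-xp 00000000 fd:00 5678 /data/app/com.example.bank-1/lib/arm64/libfacesdk.so\n"
)
HOOKED_MAPS = GENUINE_MAPS + (
    "7f0c000000-7f0c800000 r-xp 00000000 fd:00 9012 /data/local/tmp/frida-agent-64.so\n"
)

GENUINE_REPORT = {**EXPECTED_APP, "maps": GENUINE_MAPS, "in_face_scan": True}
REPACKAGED_HOOKED_REPORT = {
    "package": "com.example.bank",  # same package name, but re-signed and grown in size
    "signer_sha256": hashlib.sha256(b"attacker re-signed certificate").hexdigest(),
    "apk_size": 48_377_120,
    "maps": HOOKED_MAPS,
    "in_face_scan": True,
}

if __name__ == "__main__":
    for name, report in (("genuine", GENUINE_REPORT), ("repackaged+hooked", REPACKAGED_HOOKED_REPORT)):
        tags = assess(report)
        print(name, tags, decide(tags))
```

Both checks run on the client, so a determined attacker can hook them as well; that is why the article pairs the terminal response with a business-side response driven by the same tags, and why the probe's report should itself reach the risk control system rather than only gating the UI.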

04 Attack reconstruction and manual intervention capabilities

Based on the manual review center, we can:

  1. Blacklist data accumulation: risk data such as IPs and devices is added to blacklists to strengthen the defense
  2. Behavior analysis: analyze historical behavior, summarize habitual patterns, and feed real-time computation for the decision engine and model platform
  3. Manual verification: confirm through human analysis whether a flagged event is a real risk
  4. Attack reconstruction: reconstruct the black and gray market environment and attack method
  5. Risk event monitoring: monitor risk events, including which defense strategies fired and what response actions were taken
  6. Review condition settings: events that meet the review conditions are automatically routed to the manual review center
  7. Claiming and assignment: reviewers can claim risk events or assign them to the appropriate personnel for verification

At the same time, the system can replay every step of an attack: the data the attackers sent, the defense strategies that fired and the response actions taken, so every behavior is traceable.

3. Conclusion

To prevent and control face recognition attacks as a closed loop, work is needed across threat perception, protection and handling, data mining, monitoring and early warning, and behavior analysis. At present, mainstream vendors are generally upgrading their own systems along these lines.

At present, attacks are concentrated on the financial industry, especially banks. After all, that is where the money is... Bank risk control staff therefore need to pay close attention so that criminals cannot break through their defenses, whatever means they adopt. (Announcing in advance that you are going to rob a bank does not count.)

image.png



Source: blog.csdn.net/dingxiang234/article/details/131684162