With social media on the rise, it is safe to say that all our lives are on the internet for the world to see. Whether you have your profile set to private or public, your picture is visible to the world.
Experts say there are already tools that let hackers combine phishing software with facial recognition to get into your organization.
The social media service most affected by these algorithms and penetration trends is LinkedIn, where using a profile picture is suggested and encouraged. It has happened before.
Is it happening already?
Facial recognition was used (in many cases) to hack into systems which utilize face biometrics, such as the iPhone X. Deceiving the software is not difficult: using pictures and 3D renders of a victim’s face from Facebook profiles, attackers can gain access to the system, according to Wired, a tech news site.
Now, just as the tech has evolved, so have the methods hackers use to target your data.
How can it be used against you?
Let’s assume a security penetration specialist wants to breach a firm’s internal security files with phishing.
The usual procedure is to send an email with a phishing link to a victim, who is then asked to enter his/her details, which are sent to the hacker. According to Forbes, this is no longer a reliable phishing campaign.
Instead, hackers are now moving to social media for their attempts. Finding an easily hackable employee from a basket of a thousand other employees can be a daunting task for a hacker. A new program called Social Mapper can match faces (using only the profile picture) and names, create fake social media profiles to ‘friend’ the targets and send them links or malware. Recent statistics show social media users are more than twice as likely to click on links and open documents compared to those delivered via email, according to Forbes.
Social Mapper can also trick users into disclosing their emails and phone numbers with vouchers and offers to make the pivot into phishing, vishing or smishing.
It also creates custom phishing campaigns for each social media site, knowing that the target has an account. These are made more realistic by including the target's profile picture in the email, and captured passwords can be checked for password reuse.
The software can also be used to go through targets' photos, looking for employee access card badges and getting familiar with building interiors.
IBM has also developed its own malware called DeepLocker, for the sole purpose of testing this hacking method.
“DeepLocker is a new class of highly evasive and highly targeted malware that fundamentally differs from any malware that exists today,” Dr. Marc Ph. Stoecklin, a principal research scientist for cognitive cybersecurity intelligence at IBM Research, told Forbes.
The malware conceals its intent until the artificial intelligence within identifies the target via indicators like facial and voice recognition or geolocation.
Ultimately, the researchers want DeepLocker to help them understand the future of security and, possibly, cyberwarfare.
How to protect yourself
Currently, face recognition software can detect and identify you in any picture you are in 70% of the time.
A recent report by The Outline, a news outlet, claims that face painting can disorient facial recognition software. Specifically, Juggalo face paint.
Face-painting styles like “corpse” makeup also obscure the face.
However, they don’t create enough contrast to effectively confuse most facial recognition systems.
“Dramatic styles of female makeup, like heavy eyeliner, are generally not enough to confuse facial recognition systems,” said The Outline.
Still, facial recognition tech such as Apple’s Face ID, which does not rely on visible light and uses depth perception, would not be tricked by makeup.
People are constantly trying to come up with ways to work around facial recognition technology using everything from rigged hats (if you’re out in public) to heavy pixelation (if you’re online).