Presented at Black Hat USA 2019, Aug. 7, 2019, 10:30 a.m. (25 minutes).
Biometric authentication has been widely used in scenarios such as device unlocking, app login, real-name authentication and even mobile payment. It provides people with a more convenient authentication experience than traditional techniques such as passwords.

A classic biometric authentication process includes biometrics collection, preprocessing, liveness detection and feature matching. With the leakage of biometric data and the growing ability of AI to produce convincing fakes, liveness detection has become the Achilles' heel of biometric authentication security, since its role is to verify that the biometric being captured is an actual measurement from the authorized live person who is present at the time of capture. Previous research mainly focused on how to generate fake data but lacked a systematic survey of the security of liveness detection.

In this talk, we'll introduce our arsenal for attacking liveness detection and show how to apply it to bypass several off-the-shelf biometric authentication products, including 2D/3D facial authentication and voiceprint authentication. Our arsenal includes the following two kinds of weapons:

- Injecting fake video or audio streams through malicious hardware, so that the attack media stays hidden from the sensor
- Creating a specific recognition scene that triggers a defect in the liveness detection algorithm

Making use of the above weapons and combinations thereof, we can:

- Compromise an app's biometric-based login or password recovery function and then log in to the victim's account remotely by injecting fake video or audio streams generated from a face photo or a short phone recording
- Unlock a victim's mobile phone and then transfer his money through a mobile payment app by placing tape-attached glasses (we named them X-glasses) on a sleeping victim's face to bypass the attention detection mechanism of both Face ID and similar technologies

In addition, we propose a new attack model for logging in to an app remotely based on hardware injection and device ID spoofing.
Presenters:

- Bin Ma, Security Researcher, Tencent Security Xuanwu Lab
Bin Ma is a security researcher in Xuanwu Lab of Tencent. His research focuses on system security and application security, especially on mobile platforms, and he has found many popular apps affected by the Clone Vulnerability. Additionally, some of his research has been accepted earlier by conferences including RAID and IEEE S&P. He has spoken at Black Hat Asia 2019.

- Zhuo Ma, Security Researcher, Tencent Security Xuanwu Lab
HC Ma has been doing security research on Windows for about 4 years and mainly focuses on unpacking, algorithm reversing and de-virtualization. HC has also focused attention on hardware hacking and firmware reverse-engineering since 2013. In 2015, HC gave a talk on the BadBarCode vulnerability at PacSec'15. In 2017, HC gave a talk on the Samsung Pay vulnerability at Black Hat Europe'17. In 2018, HC gave a talk at ZeroNights'18.

- Yu Chen, Security Researcher, Tencent Security Xuanwu Lab
Yu Chen is a security researcher in Xuanwu Lab of Tencent. He received his PhD in information security from the University of Chinese Academy of Sciences. His research focuses on frontier security threats, such as deep learning security and biometric security. His work has been published at IPCCC, ICC, IntelliSys, WASA, etc. He received the best student paper award at WASA in 2018.