{"id":10386,"date":"2015-10-28T09:39:30","date_gmt":"2015-10-28T13:39:30","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=10386"},"modified":"2021-03-01T11:50:19","modified_gmt":"2021-03-01T16:50:19","slug":"stealing-digital-identity","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/stealing-digital-identity\/10386\/","title":{"rendered":"How easy is it for hackers to steal your face?"},"content":{"rendered":"<p>Cybercriminals hunt for data of all kinds: personal details, photos, videos and even ways that users interact with others; this data is often stolen from social networks. Stolen data is often <a href=\"http:\/\/www.dailydot.com\/lifestyle\/facebook-photos-revenge-porn-escort\/\" target=\"_blank\" rel=\"noopener nofollow\">posted elsewhere online<\/a> to be sold to other criminals looking to make a profit.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Are people stealing your personal Facebook photos and putting them on porn sites? <a href=\"http:\/\/t.co\/CZDRLqciDS\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/CZDRLqciDS<\/a><\/p>\n<p>\u2014 The Daily Dot (@dailydot) <a href=\"https:\/\/twitter.com\/dailydot\/status\/601751137470013440?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 22, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>With that said, a digital ID is made up of much more than social media accounts. As technology continues to make advancements, so does the amount of components of our online identity that can be stolen or forged.<\/p>\n<h3>Face off<\/h3>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/10\/06023842\/identity-theft-FB.jpg\"><img decoding=\"async\" class=\"aligncenter wp-image-10387 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/10\/06023842\/identity-theft-FB.jpg\" alt=\"How easy it is to steal your digital identity?\" width=\"1280\" height=\"1280\"><\/a><br>\nIt\u2019s already possible to put on the face of another person during a video call. With the correct approach it can look so realistic that you\u2019d hardly distinguish between the forgery and a real person.<\/p>\n<p>There was an app in 2011, which could overlay a face from a photo onto a moving face in a video, dynamically, in real time. Have you ever dreamt of Angelina Jolie\u2019s lips or Brad Pitt\u2019s face? No need for Photoshop here, just a <a href=\"http:\/\/www.popsci.com\/technology\/article\/2011-09\/creepiest-video-software-ever-substitutes-faces-real-time\" target=\"_blank\" rel=\"noopener nofollow\">creepy app<\/a>.<\/p>\n<p><iframe title=\"Face Substitution\" src=\"https:\/\/player.vimeo.com\/video\/29348533?dnt=1&amp;app_id=122963\" width=\"500\" height=\"281\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\"><\/iframe><\/p>\n<p>Of course, in 2011 the algorithm was imperfect. After four years on Facebook Oculus Rift developers and researchers at the University of Southern California <a href=\"http:\/\/www.technologyreview.com\/news\/537566\/oculus-rift-hack-transfers-your-facial-expressions-onto-your-avatar\/\" target=\"_blank\" rel=\"noopener nofollow\">demonstrated a way to track the facial expressions<\/a> of someone wearing a virtual-reality headset and to transfer them to a virtual character. That could make for online games and even more. Just imagine, how tough would Warcraft or other massively multiplayer online role-playing game (MMORPG) characters look with your glowering face expression! Sounds interesting.<\/p>\n<p>It was clear that people would also be able to exchange facial gestures in video chat,. Recently researchers from Stanford have <a href=\"http:\/\/graphics.stanford.edu\/~niessner\/thies2015realtime.html\" target=\"_blank\" rel=\"noopener nofollow\">presented<\/a> a solution for this.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/eXVspNUeiWw?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>Sounds great, but as usual every new development can be used for good and for evil \u2014 to deceive, defraud and gain profit in illegal way. And be sure, cybercriminals <a href=\"https:\/\/www.kaspersky.com\/blog\/skype-fraud-story\/8043\/\" target=\"_blank\" rel=\"noopener nofollow\">are very creative<\/a> when it comes to exploiting technology to make money.<\/p>\n<h3><span style=\"text-decoration: line-through\">In<\/span>Vulnerable biometrics<\/h3>\n<p>Currently people use their fingerprints to enter gyms, which belong to the popular American fitness center chain 24 Hour Fitness. Patients of New York University medical center show their palms instead of their insurance cards, as <a href=\"http:\/\/www.cnet.com\/news\/hospital-scans-palms-to-pull-up-medical-records\/\" target=\"_blank\" rel=\"noopener nofollow\">PatientSecure system scans unique vein<\/a> patterns in their hands.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>#Fingerprints and #iris scans are insecure and can even stitch you up. #cybercrime #biometrics #security<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fkh4d&amp;text=+%23Fingerprints+and+%23iris+scans+are+insecure+and+can+even+stitch+you+up.+%23cybercrime+%23biometrics+%23security+\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>But let\u2019s look at the situation in a different way. We use passwords to access Internet services. When a password is compromised, you can easily change it. Speaking of plastic credit cards, they can be quickly substituted as well \u2014 in a week or two \u2014 if they are lost or stolen.<\/p>\n<p>Imagine, that you use parts of your body for identification, such as fingerprints or iris scans. Can you make new body parts, if cybercriminals make copies of the old ones?<\/p>\n<p>Victims of identity theft can <a href=\"http:\/\/idtheft.about.com\/od\/preventionpractices\/a\/Biometrics.htm\" target=\"_blank\" rel=\"noopener nofollow\">wait from three to five years<\/a> before the problem is fixed.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">In 2009, Scientists discovered they could fabricate 'fake' DNA evidence.<\/p>\n<p>\u2014 Wikipedia (@WikipediaPage) <a href=\"https:\/\/twitter.com\/WikipediaPage\/status\/362116683244109824?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 30, 2013<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>There are instances where one cannot wait that long as research has shown that it is feasible to <a href=\"http:\/\/zeenews.india.com\/home\/fake-dna-evidence-can-be-created_556512.html\" target=\"_blank\" rel=\"noopener nofollow\">fake DNA<\/a>, imagine if that is planted at a crime scene.<\/p>\n<h3>Can we fake it?<\/h3>\n<p>As it turns out, it\u2019s not that hard to compromise another person\u2019s biometrics, such as fingerprints and iris scans. The worst part is that one can do it remotely. A German biometrics specialist Jan Krisller, who had risen to fame after <a href=\"https:\/\/www.kaspersky.com\/blog\/fingerprint-scanner-iphone-5s\/2747\/\" target=\"_blank\" rel=\"noopener nofollow\">hacking Apple\u2019s TouchID<\/a>, recently discovered how to <a href=\"http:\/\/www.scmagazine.com\/starbugs-in-your-eyes-german-hacker-spoofs-iris-recognition\/article\/449314\/\" target=\"_blank\" rel=\"noopener nofollow\">copy iris and fingerprints from high resolution photos<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Starbug's in your eyes: German hacker spoofs iris recognition | <a href=\"https:\/\/t.co\/HctpvVXs8H\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/HctpvVXs8H<\/a><\/p>\n<p>\u2014 SC Media (@SCMagazine) <a href=\"https:\/\/twitter.com\/SCMagazine\/status\/658962727944257536?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 27, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Krissler extracted the iris data of German chancellor Angela Merkel, using a photo taken at a press conference. A criminal can do the same with a magazine image. He also confirmed that one could print the data onto a contact lens and use them to defraud an iris scan system.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Starbug shares how he can <a href=\"https:\/\/twitter.com\/hashtag\/hack?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#hack<\/a> fingerprint sensors. Including iPhone! <a href=\"https:\/\/twitter.com\/hashtag\/biometrics2015?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#biometrics2015<\/a> <a href=\"http:\/\/t.co\/uMQdIc6Js8\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/uMQdIc6Js8<\/a><\/p>\n<p>\u2014 Mike Wood (@MikeRwood) <a href=\"https:\/\/twitter.com\/MikeRwood\/status\/654603314089299968?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 15, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Forging fingerprints is just as easy. For example, Krissler did it with a common SLR camera and a 200mm lens. With a photo of the victim\u2019s hand criminals can pass the fingerprint scanner just as easily.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Tips and Tricks to Hide from <a href=\"https:\/\/twitter.com\/hashtag\/BigBrother?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#BigBrother<\/a> Watchful Eye <a href=\"https:\/\/t.co\/xJ6VqqUKuo\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/xJ6VqqUKuo<\/a> <a href=\"http:\/\/t.co\/oeNopI12hL\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/oeNopI12hL<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/652500369264783360?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 9, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Biometrics still has room for improvement. We should not implement new technologies without specific protection systems that will guard people\u2019s personal data. Otherwise there can be failures and investigative research into hacking the technology \u2013 we\u2019ll be sure to tell you about them. For now we highly recommend you to be vigilant and protect important data with the old-fashioned password and <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_two_factor_authentication\/5036\/\" target=\"_blank\" rel=\"noopener nofollow\">two-factor authentication<\/a> technology.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fingerprints and iris scans are insecure and can be stolen to compromise your identity.<\/p>\n","protected":false},"author":522,"featured_media":10388,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,1788,1789],"tags":[1232,1233,1269,78,1134,1019,43,211],"class_list":{"0":"post-10386","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-privacy","9":"category-technology","10":"tag-biometrics","11":"tag-fingerprint-sensors","12":"tag-fingerprints","13":"tag-hackers","14":"tag-internet","15":"tag-iris-recognition","16":"tag-privacy","17":"tag-social-media"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/stealing-digital-identity\/10386\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/stealing-digital-identity\/6204\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/stealing-digital-identity\/6400\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/stealing-digital-identity\/6332\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/stealing-digital-identity\/7157\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/stealing-digital-identity\/6828\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/stealing-digital-identity\/9535\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/stealing-digital-identity\/4997\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/stealing-digital-identity\/5754\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/stealing-digital-identity\/6344\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/stealing-digital-identity\/9360\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/stealing-digital-identity\/9535\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/stealing-digital-identity\/10386\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/stealing-digital-identity\/10386\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/biometrics\/","name":"biometrics"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=10386"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10386\/revisions"}],"predecessor-version":[{"id":38870,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10386\/revisions\/38870"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/10388"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=10386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=10386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=10386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}