Ci sono approcci di spoofing molto raffinati che consentono l'impersonamento di chiunque stampando degli occhiali ad-hoc. <https://www.newscientist.com/article/2111041-glasses-make-face-recognition-t...> Il paper originale dei ricercatori di CMU è qui: Sharif, M., Bhagavatula, S., Bauer, L., & Reiter, M. Accessorize to a Crime: Real and Stealthy Attacks on State-Of-The-Art Face Recognition. In Proc. CCS, 2016. <https://users.ece.cmu.edu/~mahmoods/publications/ccs16-adv-ml.pdf> Ciao, A On 13/09/2017 14:24, gabriele elia wrote:

Apple ha aggiunto un sensore infrarossi ma si farà il defeat anche di quello Apple come degli altri ...

gabriele

* *

*Hackers Trick Facial-Recognition Logins With Photos From Facebook (What Else?)*

/* */

/Earlier this month at the Usenix security conference, security and computer vision specialists from the University of North Carolina presented a system that uses digital 3-D facial models based on publicly available photos and displayed with mobile virtual reality technology to defeat facial recognition systems. A VR-style face, rendered in three dimensions, gives the motion and depth cues that a security system is generally checking for. The researchers used a VR system shown on a smartphone’s screen for its accessibility and portability./

/Their attack, which successfully spoofed four of the five systems they tried, is a reminder of the downside to authenticating your identity with biometrics. By and large your bodily features remain constant, so if your biometric data is compromised or publicly available, it’s at risk of being recorded and exploited. Faces plastered across the web on social media are especially vulnerable—look no further than the wealth of facial biometric data literally called Facebook./

/https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos...

<https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos...>

Hackers Trick Facial-Recognition Logins With Photos From ... <https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos...> www.wired.com Researchers use online photos to create 3-D renders of faces and successfully dupe four facial recognition systems.

------------------------------------------------------------------------ *Da:* nexa <nexa-bounces@server-nexa.polito.it> per conto di Diego Giorio <dgiorio@hotmail.com> *Inviato:* mercoledì 13 settembre 2017 13:50 *A:* Nexa *Oggetto:* Re: [nexa] Facial recognition is here. The iPhone X is just the beginning | Clare Garvie

A titolo personale, credo che il problema non sia tanto nel riconoscimento facciale del dispositivo in sè: fin quando un mio oggetto (auto, telefono, computer...) ha a bordo un dispositivo per riconoscermi come proprietario e non consente a malintenzionati di rubarlo o farne un uso scorretto, si tratta di una funzione meravigliosa. Il problema nasce nel momento in cui i dati del riconoscimento cominciano ad essere centralizzati, e se i dispositivi di riconoscimento dovessero diffondersi a macchia d'olio. Magari in un pannello pubblicitario che mi riconosce in metropolitana e mi visualizza un advertising mirato, tanto per citare una delle applicazioni meno pericolose.

Inoltre vorrei sapere se alla Apple hanno pensato anche al percorso inverso: se qualcuno riuscisse a mettere le mani sul mio modello 3D, rubandolo dal telefono o ricavandolo da altro lettore, ed a riprodurre il mio viso con idonea stampante, il dispositivo ci cascherebbe?

Sono curioso di saper cosa ne pensano gli altri

Saluti a tutti

D.

------------------------------------------------------------------------ *From:* nexa <nexa-bounces@server-nexa.polito.it> on behalf of Alberto Cammozzo <ac+nexa@zeromx.net> *Sent:* Wednesday, September 13, 2017 11:26 AM *To:* Nexa *Subject:* [nexa] Facial recognition is here. The iPhone X is just the beginning | Clare Garvie

<https://www.theguardian.com/commentisfree/2017/sep/13/facial-recognition-iph...> <https://www.theguardian.com/commentisfree/2017/sep/13/facial-recognition-iph...>;

I have a confession to make. I’m a privacy lawyer who researches the risks of face recognition technology – and I will be buying the new iPhone. Apple’s next generation smartphone will unlock using face recognition, thanks to infrared and 3D sensors within its front-facing camera. Reports indicate that the face scan and unlock system will be almost instantaneous and require no buttons to be pressed, being always “on” and ready to read your face. Android users can expect similar face unlock features as well.

For the millions of people who will soon depend on face recognition to check their email, send a text, or make a call, it will be quick, easy to use, and yes, pretty cool. But as we grow accustomed to fast and accurate face recognition, we cannot become complacent to the serious privacy risks it often poses – or think that all its applications are alike. ...

_______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa

Basta una foto HR del dito, come ha scoperto Angela Merkel (per mano dei burloni del CCC) <https://www.wired.com/2008/03/hackers-publish/> Questa impresa USA vende un sistema che legge impronte digitali da due metri <https://www.technologyreview.com/s/422400/fingerprints-go-the-distance/> Ciao, A On 13/09/2017 14:41, Stefano Quintarelli wrote:

dare il dito e' un gesto attivo. essere inquadrato e' un gesto passivo.

vi ricordate la vicenda di sblocco del telefono da parte della polizia ? non sara' piu' un problema. (ma nemmeno per il tuo compagno/compagna, mentre dormi...)

On 13/09/2017 14:24, gabriele elia wrote:

...

Apple ha aggiunto un sensore infrarossi ma si farà il defeat anche di quello Apple come degli altri ...

gabriele

* *

*Hackers Trick Facial-Recognition Logins With Photos From Facebook (What Else?)*

/* */

/Earlier this month at the Usenix security conference, security and computer vision specialists from the University of North Carolina presented a system that uses digital 3-D facial models based on publicly available photos and displayed with mobile virtual reality technology to defeat facial recognition systems. A VR-style face, rendered in three dimensions, gives the motion and depth cues that a security system is generally checking for. The researchers used a VR system shown on a smartphone’s screen for its accessibility and portability./

/Their attack, which successfully spoofed four of the five systems they tried, is a reminder of the downside to authenticating your identity with biometrics. By and large your bodily features remain constant, so if your biometric data is compromised or publicly available, it’s at risk of being recorded and exploited. Faces plastered across the web on social media are especially vulnerable—look no further than the wealth of facial biometric data literally called Facebook./

/https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos...

<https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos...>

Hackers Trick Facial-Recognition Logins With Photos From ... <https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos...> www.wired.com Researchers use online photos to create 3-D renders of faces and successfully dupe four facial recognition systems.

------------------------------------------------------------------------ *Da:* nexa <nexa-bounces@server-nexa.polito.it> per conto di Diego Giorio <dgiorio@hotmail.com> *Inviato:* mercoledì 13 settembre 2017 13:50 *A:* Nexa *Oggetto:* Re: [nexa] Facial recognition is here. The iPhone X is just the beginning | Clare Garvie

A titolo personale, credo che il problema non sia tanto nel riconoscimento facciale del dispositivo in sè: fin quando un mio oggetto (auto, telefono, computer...) ha a bordo un dispositivo per riconoscermi come proprietario e non consente a malintenzionati di rubarlo o farne un uso scorretto, si tratta di una funzione meravigliosa. Il problema nasce nel momento in cui i dati del riconoscimento cominciano ad essere centralizzati, e se i dispositivi di riconoscimento dovessero diffondersi a macchia d'olio. Magari in un pannello pubblicitario che mi riconosce in metropolitana e mi visualizza un advertising mirato, tanto per citare una delle applicazioni meno pericolose.

Inoltre vorrei sapere se alla Apple hanno pensato anche al percorso inverso: se qualcuno riuscisse a mettere le mani sul mio modello 3D, rubandolo dal telefono o ricavandolo da altro lettore, ed a riprodurre il mio viso con idonea stampante, il dispositivo ci cascherebbe?

Sono curioso di saper cosa ne pensano gli altri

Saluti a tutti

D.

------------------------------------------------------------------------ *From:* nexa <nexa-bounces@server-nexa.polito.it> on behalf of Alberto Cammozzo <ac+nexa@zeromx.net> *Sent:* Wednesday, September 13, 2017 11:26 AM *To:* Nexa *Subject:* [nexa] Facial recognition is here. The iPhone X is just the beginning | Clare Garvie <https://www.theguardian.com/commentisfree/2017/sep/13/facial-recognition-iph...> <https://www.theguardian.com/commentisfree/2017/sep/13/facial-recognition-iph...>;

I have a confession to make. I’m a privacy lawyer who researches the risks of face recognition technology – and I will be buying the new iPhone. Apple’s next generation smartphone will unlock using face recognition, thanks to infrared and 3D sensors within its front-facing camera. Reports indicate that the face scan and unlock system will be almost instantaneous and require no buttons to be pressed, being always “on” and ready to read your face. Android users can expect similar face unlock features as well.

For the millions of people who will soon depend on face recognition to check their email, send a text, or make a call, it will be quick, easy to use, and yes, pretty cool. But as we grow accustomed to fast and accurate face recognition, we cannot become complacent to the serious privacy risks it often poses – or think that all its applications are alike. ...

_______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa

_______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa

il primo caso era prendendolo da un oggetto. ci sono molte guida per farlo https://goo.gl/Qm61RB il secondo e' impressive, non li conoscevo http://www.andiotg.com/ comunque mi pare richieda cooperazione da parte dell'utente. ciao!, s. On 13/09/2017 14:45, Alberto Cammozzo wrote:

Basta una foto HR del dito, come ha scoperto Angela Merkel (per mano dei burloni del CCC) <https://www.wired.com/2008/03/hackers-publish/>

Questa impresa USA vende un sistema che legge impronte digitali da due metri <https://www.technologyreview.com/s/422400/fingerprints-go-the-distance/>

Ciao, A

On 13/09/2017 14:41, Stefano Quintarelli wrote:

...

dare il dito e' un gesto attivo. essere inquadrato e' un gesto passivo.

vi ricordate la vicenda di sblocco del telefono da parte della polizia ? non sara' piu' un problema. (ma nemmeno per il tuo compagno/compagna, mentre dormi...)

On 13/09/2017 14:24, gabriele elia wrote:

...

Apple ha aggiunto un sensore infrarossi ma si farà il defeat anche di quello Apple come degli altri ...

gabriele

* *

*Hackers Trick Facial-Recognition Logins With Photos From Facebook (What Else?)*

/* */

/Earlier this month at the Usenix security conference, security and computer vision specialists from the University of North Carolina presented a system that uses digital 3-D facial models based on publicly available photos and displayed with mobile virtual reality technology to defeat facial recognition systems. A VR-style face, rendered in three dimensions, gives the motion and depth cues that a security system is generally checking for. The researchers used a VR system shown on a smartphone’s screen for its accessibility and portability./

/Their attack, which successfully spoofed four of the five systems they tried, is a reminder of the downside to authenticating your identity with biometrics. By and large your bodily features remain constant, so if your biometric data is compromised or publicly available, it’s at risk of being recorded and exploited. Faces plastered across the web on social media are especially vulnerable—look no further than the wealth of facial biometric data literally called Facebook./

/https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos...

<https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos...>

Hackers Trick Facial-Recognition Logins With Photos From ... <https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos...> www.wired.com Researchers use online photos to create 3-D renders of faces and successfully dupe four facial recognition systems.

------------------------------------------------------------------------ *Da:* nexa <nexa-bounces@server-nexa.polito.it> per conto di Diego Giorio <dgiorio@hotmail.com> *Inviato:* mercoledì 13 settembre 2017 13:50 *A:* Nexa *Oggetto:* Re: [nexa] Facial recognition is here. The iPhone X is just the beginning | Clare Garvie

A titolo personale, credo che il problema non sia tanto nel riconoscimento facciale del dispositivo in sè: fin quando un mio oggetto (auto, telefono, computer...) ha a bordo un dispositivo per riconoscermi come proprietario e non consente a malintenzionati di rubarlo o farne un uso scorretto, si tratta di una funzione meravigliosa. Il problema nasce nel momento in cui i dati del riconoscimento cominciano ad essere centralizzati, e se i dispositivi di riconoscimento dovessero diffondersi a macchia d'olio. Magari in un pannello pubblicitario che mi riconosce in metropolitana e mi visualizza un advertising mirato, tanto per citare una delle applicazioni meno pericolose.

Inoltre vorrei sapere se alla Apple hanno pensato anche al percorso inverso: se qualcuno riuscisse a mettere le mani sul mio modello 3D, rubandolo dal telefono o ricavandolo da altro lettore, ed a riprodurre il mio viso con idonea stampante, il dispositivo ci cascherebbe?

Sono curioso di saper cosa ne pensano gli altri

Saluti a tutti

D.

------------------------------------------------------------------------ *From:* nexa <nexa-bounces@server-nexa.polito.it> on behalf of Alberto Cammozzo <ac+nexa@zeromx.net> *Sent:* Wednesday, September 13, 2017 11:26 AM *To:* Nexa *Subject:* [nexa] Facial recognition is here. The iPhone X is just the beginning | Clare Garvie <https://www.theguardian.com/commentisfree/2017/sep/13/facial-recognition-iph...> <https://www.theguardian.com/commentisfree/2017/sep/13/facial-recognition-iph...>;

I have a confession to make. I’m a privacy lawyer who researches the risks of face recognition technology – and I will be buying the new iPhone. Apple’s next generation smartphone will unlock using face recognition, thanks to infrared and 3D sensors within its front-facing camera. Reports indicate that the face scan and unlock system will be almost instantaneous and require no buttons to be pressed, being always “on” and ready to read your face. Android users can expect similar face unlock features as well.

For the millions of people who will soon depend on face recognition to check their email, send a text, or make a call, it will be quick, easy to use, and yes, pretty cool. But as we grow accustomed to fast and accurate face recognition, we cannot become complacent to the serious privacy risks it often poses – or think that all its applications are alike. ...

_______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa

_______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa

_______________________________________________ nexa mailing list nexa@server-nexa.polito.it https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa