Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

The first and most relevant "privacy hacking" based on images (avatars).

October 2017 by Patrick LEBRETON

Federico Ziberna and Claudio Cavalera, independent Italian researchers, have conceived and described a completely new kind of privacy breach, based on avatars. This type of violation may involve most users of the popular Instant Messaging apps: Whatsapp and Viber.

Ziberna developed a system that allowed him to freely download an unlimited
amount of avatars linked to as many accounts as users of famous Instant Messaging
systems. Using the User’s Avatar as a “Search Key” (possibly combined with
other data automatically extracted from the image thanks to facial recognition
algorithms, such as ethnicity, age, gender, etc), it was possible to compare the
avatar with other freely images in the network or on other accounts, in order to
find a match.

This fact therefore allows you to have a chance to connect any unknown person’s
phone number to a real person, thanks to the avatar.

“Imagine this scenario: we have an archive of millions of photos. Most of these
have the face of a person. Do you remember the old movies in which the police are
looking for a criminal by comparing his picture with those contained in their
file? ..nowiseeyou has the advantage that on every photo of its archive there is
attached the card with the criminal phone number ..”

Among the different types of hacks described (for pure study), Ziberna describes
the so nicknamed "voodoo doll exploit": the striker makes a photo to any person,
and the attack tool verifies whether the "doll" is comparable to one of the
downloaded avatars and hence eventually traced back to the phone number of the
person photographed.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts