There are tools in existence that take advantage of users’ photos across various social media sites. And now, security researchers have found that social media profile pictures may present opportunity for exploitation by facial recognition hacks, Forbes reports.
Using a LinkedIn photo as a cue, the researchers launched a mock WannaCry ransomware attack on a computer that identified the face of the target through a video chat. The objective: to show how AI might be weaponized in the future and become a staple in the cyberattack toolkit.
In his Forbes article, Thomas Fox-Brewster explained the mechanics behind the attack: “If hackers want to target a specific person, in this case a journalist, they could harvest their images from social media. They could then infect a computer network and launch an attack when the target’s face was detected by the camera. They could’ve done the same with voice recognition or any other aspect of a person’s physical being that can be recorded by a computer.”
While the test case focused on a journalist, it’s well-known that cybercriminals often carry out targeted attacks on high-powered business executives—especially in the c-suite because of their access to assets and company secrets. And, their headshots are everywhere – from LinkedIn to magazine profiles.
Called DeepLocker, the malware is stored, dormant, for long periods of time on the computer. Typically, it’s carried through programs such as a video conferencing software. It remains inactive until it identifies its intended victim through artificial intelligence-based factors – facial recognition, geolocation, or voice recognition.
As Fox-Brewster mentioned, this type of attack would likely be a targeted attack on a specific person.
Get the full story at Forbes.