Who Will Solve the Face Information Security Concerns Caused by "mobile Phone Theft"?

A month ago, an article "the black industrial chain of stealing personal information and realizing fund theft due to the theft of a mobile phone" (the original author has been deleted) triggered a heated discussion. The author Lao camel tells that after his family's mobile phone was stolen, he experienced a battle of wits and courage with a group of professional and sophisticated criminal gangs who stole personal information and stole funds from other people's bank accounts. The article mentioned many enterprises, but also caused many netizens' concerns about the security of face information.

Schematic diagram of fund stealing process by stealing personal information from black products

On October 10th, relevant departments of Alipay responded that the students of Alipay's "non attack" safety laboratory contacted the old camel for the first time and understood the relevant situation. The response pointed out that the black products disclosed in Alipay did not contain money and information. And Alipay promised to pay the full amount of money stolen, including the loss of mobile phone.

In the follow-up specific reply, Alipay's related personnel also pointed out that black production did not break through Alipay's face recognition, and the new registration number was realized through other channels, such as identity information and SMS verification code.

Application crisis of face recognition

At present, as the product of the development of artificial intelligence and big data technology, face recognition technology has been widely used in administrative services, financial business, unit attendance, access control system and judicial cases in recent years with the breakthrough in the research and development of face recognition technology all over the world.

"Face unlocking", "face swiping payment" and "face swiping in and out" are part of people's life. However, while people enjoy the convenience they bring to work and life, the problem of data privacy and security based on this has also aroused widespread concern in the society, How to set more reasonable and scientific regulatory rules to protect personal privacy and data security has become a difficult problem of the times.

Difficulties caused by standards

Another worrying reality is that there is no national standard for personal information protection except for financial institutions. At the same time, because its nature is different from the financial industry and its sensitivity is low, the face recognition system used in most cases is relatively backward.

In addition, according to an employee of a company in Guangxi, the big problem of face recognition system on the market is that it can't afford it. The employee said that when she purchased the 108 point face recognition system of a well-known CV enterprise in China (note â‘ ), the other party offered more than 300000 yuan, but it was difficult to grasp the quality of the other party when she purchased the enterprise system with a smaller name. After several selection, I finally chose the face recognition system of a beauty software.

This leads to another problem. Among many enterprises trying to use face recognition technology, small and medium-sized enterprises are unable to bear the cost caused by excellent systems. Although the relatively backward face recognition system is cheap, it may affect security, which has almost become a dead cycle.

Then, under the dual factors of the lack of standards and the impact of costs, it is extremely easy for capital to produce such a measure in the process of pursuing profits: "if you don't have money to buy good ones, you can use relatively general ones. There is no standard about what level of face recognition technology is allowed to be used."

Application under compromise

In addition to the above standard problems, the technical problems of face recognition are also very easy for enterprises to compromise for user experience.

Specifically, the worse the image quality, the lower the accuracy of face recognition. Therefore, in daily applications, the quality problems of face images caused by complex environments such as blur, occlusion, large angle, backlight and dark light will lead to low accuracy of face recognition, which requires repeated recognition for many times to succeed, so the overall time consumption is greatly prolonged.

In the application of face recognition technology, whether it is already integrated into our daily mobile terminal applications, or in security terminal applications such as face recognition gate, there are many embarrassing scenes that fail to pass the recognition for many times and constantly change the face angle to wait for the recognition to pass.

From the perspective of user experience, face recognition is not an indispensable "security choice" for users. For mobile end users, security means such as password and fingerprint identification have long been transplanted and mature, while for customers served by security end applications such as gate, the original mature modes such as fingerprint and RF card can still serve them.

This leads to another phenomenon. Once the user experience is too poor, face recognition technology will not be used at all, and it will cause an irreparable decline in the brand's reputation. Under this "coercion", many enterprises choose to reduce the key points of face recognition technology and compromise the user experience and reputation, which is also one of the reasons why face recognition technology has been frequently cracked in the past.

Daily threats do not stop at the face

For the current situation of face recognition, the appropriate lifting algorithm can reduce the risk of face recognition to a certain extent. For example, the lack of technical support for Alipay has the ability to detect thousands of points. Compared with the first generation of key points, QianDian can completely outline the shape of the face, eyebrows, eyes, nose, mouth and other parts of the face for more accurate face recognition.

In addition, for the user experience, in essence, technical means can be taken to make up rather than compromise, remove low-quality images, and send the screened images with qualified quality to the next process, which can greatly improve the recognition efficiency.

Based on the principle of feature extraction, the features concerned by face quality detection (mainly including light, blur, angle, occlusion, expression, noise, etc.) can be learned from massive data through neural network and judged.

Back to daily life, in this event, due to mobile number sniffing and SMS sniffing, the former can capture the mobile phone numbers around the network, and the latter can sniff the SMS of a mobile phone number under 2G network. Therefore, even if you hide the notification details in the lock screen state, and even if you have a SIM card pin, the attacker can still obtain the verification code of the mobile phone through this technology and carry out the same attack, which is worthy of our attention.

Fortunately, both SMS sniffing and mobile phone number sniffing can only be carried out under 2G network. Of course, this is not difficult for attackers. On the one hand, attackers can find an environment where 3G and 4G signals are bad and can only be connected to 2G to attack. On the other hand, attackers can also launch a downgrade attack to reduce the mobile phone connected to LTE network to 2G. This technology is also very mature.

How to prevent this attack? Very simply, in the cellular mobile network settings, set the network mode to only 4G or 5g / 4G.

Editor ajx