Scroll Top

In a world first Chinese hackers spoofed biometric authentication systems to steal $76 Million


You can change your password but you can’t change your face… and biometric authentication systems are now being hacked at scale.


Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential Universityconnect, watch a keynote, read our codexes, or browse my blog.

As we all begin moving away from using passwords which can be easily cracked and stolen and use biometrics instead criminals are catching up and finding new ways to spoof these systems as well. So far we’ve seen criminals cloning executives voices to steal $243,000 from an energy firm, and now in what’s widely regarded as a first of a kind and the largest hack of its kind a Chinese government facial recognition ID authentication tool was recently hacked, according to media reports. The biometric data stolen was then used to create fake tax invoices.


See also
Halo launches the first 5G tele-operated driverless car service in Las Vegas


Using Artificial Intelligence (AI) the criminals managed to make the high-resolution images of people look “alive” – essentially by using AI to generate sophisticated synthetic video snippets of the people’s faces – for the crime, with each “nodding, shaking, blinking and opening their mouths,” according to the South China Morning Post (SCMP), presumably to beat a biometric Presentation Attack Detection (PAD) system.

According to SCMP, reporting on an article in the Xinhua Daily Telegraph, the sophisticated biometric spoof attack and theft is being attributed to a pair of hackers with the surname Wu and Zhou.


See also
US Intelligence director: "AI will replace 75 percent of spies"


They allegedly netted 500 million yuan, or $76.2 million, operating for less than two years. Shanghai authorities in January posted online that the two had been prosecuted.

The Morning Post reported that the team purchased biometric information on the black market. Armed with the personal data and augmented pictures, the hackers used a shell company to send fraudulent tax invoices to the company’s “clients.”

The hackers hijacked phone cameras so that people would try to authenticate themselves with video, but that information went nowhere.


See also
China tests its cutting edge hypersonic aircraft that "rides its own shockwaves"


The Morning Post also reports online services for defeating face biometric systems are available for 30 to 250 yuan ($4.58 to $38.15) on the Dark Web.

Related Posts

Leave a comment


Awesome! You're now subscribed.

Pin It on Pinterest

Share This