Monday August 20, 2018
Home Science & Technology Attention! No...

Attention! Now viewing an image online could hack into your computer

0
//
69
Republish
Reprint

saumil_photo_square_400x400

 

 

By NewsGram Staff Writer

Who would have thought that an innocent looking image file might prove to be a disastrous intruder in your personal computer?

In the new age digital world, inventions and discoveries have to be scrutinized in and out to find out their hidden attributes. One can’t be sure if a discovery is ever entirely beneficial or not.

As reported by motherboard.vice.com, Saumil Shah, a security researcher from India has devised a technique called “Stegosploit”    through which a hacker could hide malicious code inside the picture’s pixels. The technique that he has put to use is known  as ‘steganography’. It consists of stashing secret text or images in a different text or images.

Shah calls it the “magic sauce” behind Stegosploit. In this case, the malicious code or exploit is encoded inside the picture’s pixels, and it’s then decoded using an HTML 5 element called Canvas, which allows for dynamic rendering of images.

“I don’t need to host a blog, I don’t need to host a website at all. I don’t even need to register a domain,” Shah told Motherboard, during the demo last week. “I can take an image, upload it somewhere and if I just point you toward that image, and you load this image in a browser, it will detonate.”

 

The malicious code, which Shah calls “IMAJS,” is a mix of image code and javascript hidden into a JPG or PNG file. Shah hides the code within the picture’s pixels, and from the outside, unless you zoom a lot into it, the picture looks just fine.

Admitting that the technique might not work everywhere, Shah adds that he, himself hasn’t fully tested his technique on known image sharing sites such as Imgur or Dropbox,. The malicious file has to be uploaded without an extension for the browser to be tricked into rendering it, and some sites, such as Dropbox, don’t allow that. Moreover sites like Facebook reprocess the images when they are uploaded, causing the loss of the malicious code, according to Shah.

Still, Shah believes it’s just a matter of time and that “these techniques are coming, sooner or later.”

Click here for reuse options!
Copyright 2015 NewsGram

Next Story

AI To Recognize Individuals Emotions Using A Photographic Repository

Not for police, government

0
Rana el Kaliouby, CEO of the Boston-based artificial intelligence firm Affectiva, is pictured in Boston, April 23, 2018. Affectiva builds face-scanning technology for detecting emotions, but its founders decline business opportunities that involve spying on people.
Rana el Kaliouby, CEO of the Boston-based artificial intelligence firm Affectiva, is pictured in Boston, April 23, 2018. Affectiva builds face-scanning technology for detecting emotions, but its founders decline business opportunities that involve spying on people. VOA

When a CIA-backed venture capital fund took an interest in Rana el Kaliouby’s face-scanning technology for detecting emotions, the computer scientist and her colleagues did some soul-searching — and then turned down the money.

“We’re not interested in applications where you’re spying on people,” said el Kaliouby, the CEO and co-founder of the Boston startup Affectiva. The company has trained its artificial intelligence systems to recognize if individuals are happy or sad, tired or angry, using a photographic repository of more than 6 million faces.

Recent advances in AI-powered computer vision have accelerated the race for self-driving cars and powered the increasingly sophisticated photo-tagging features found on Facebook and Google. But as these prying AI “eyes” find new applications in store checkout lines, police body cameras and war zones, the tech companies developing them are struggling to balance business opportunities with difficult moral decisions that could turn off customers or their own workers.

El Kaliouby said it’s not hard to imagine using real-time face recognition to pick up on dishonesty — or, in the hands of an authoritarian regime, to monitor reaction to political speech in order to root out dissent. But the small firm, which spun off from a Massachusetts Institute of Technology research lab, has set limits on what it will do.

The company has shunned “any security, airport, even lie-detection stuff,” el Kaliouby said. Instead, Affectiva has partnered with automakers trying to help tired-looking drivers stay awake, and with consumer brands that want to know whether people respond to a product with joy or disgust.

Rana el Kaliouby, CEO of the Boston-based artificial intelligence firm Affectiva, demonstrates the company's facial recognition technology, in Boston, April 23, 2018.
Rana el Kaliouby, CEO of the Boston-based artificial intelligence firm Affectiva, demonstrates the company’s facial recognition technology, in Boston, April 23, 2018. VOA

New qualms

Such queasiness reflects new qualms about the capabilities and possible abuses of all-seeing, always-watching AI camera systems — even as authorities are growing more eager to use them.

In the immediate aftermath of Thursday’s deadly shooting at a newspaper in Annapolis, Maryland, police said they turned to face recognition to identify the uncooperative suspect. They did so by tapping a state database that includes mug shots of past arrestees and, more controversially, everyone who registered for a Maryland driver’s license.

Initial information given to law enforcement authorities said that police had turned to facial recognition because the suspect had damaged his fingerprints in an apparent attempt to avoid identification. That report turned out to be incorrect and police said they used facial recognition because of delays in getting fingerprint identification.

In June, Orlando International Airport announced plans to require face-identification scans of passengers on all arriving and departing international flights by the end of this year. Several other U.S. airports have already been using such scans for some departing international flights.

Chinese firms and municipalities are already using intelligent cameras to shame jaywalkers in real time and to surveil ethnic minorities, subjecting some to detention and political indoctrination. Closer to home, the overhead cameras and sensors in Amazon’s new cashier-less store in Seattle aim to make shoplifting obsolete by tracking every item shoppers pick up and put back down.

Concerns over the technology can shake even the largest tech firms. Google, for instance, recently said it will exit a defense contract after employees protested the military application of the company’s AI technology. The work involved computer analysis of drone video footage from Iraq and other conflict zones.

Google guidelines

Similar concerns about government contracts have stirred up internal discord at Amazon and Microsoft. Google has since published AI guidelines emphasizing uses that are “socially beneficial” and that avoid “unfair bias.”

Amazon, however, has so far deflected growing pressure from employees and privacy advocates to halt Rekognition, a powerful face-recognition tool it sells to police departments and other government agencies.

Saying no to some work, of course, usually means someone else will do it. The drone-footage project involving Google, dubbed Project Maven, aimed to speed the job of looking for “patterns of life, things that are suspicious, indications of potential attacks,” said Robert Work, a former top Pentagon official who launched the project in 2017.

While it hurts to lose Google because they are “very, very good at it,” Work said, other companies will continue those efforts.

Commercial and government interest in computer vision has exploded since breakthroughs earlier in this decade using a brain-like “neural network” to recognize objects in images. Training computers to identify cats in YouTube videos was an early challenge in 2012. Now, Google has a smartphone app that can tell you which breed.

A major research meeting — the annual Conference on Computer Vision and Pattern Recognition, held in Salt Lake City in June — has transformed from a sleepy academic gathering of “nerdy people” to a gold rush business expo attracting big companies and government agencies, said Michael Brown, a computer scientist at Toronto’s York University and a conference organizer.

Brown said researchers have been offered high-paying jobs on the spot. But few of the thousands of technical papers submitted to the meeting address broader public concerns about privacy, bias or other ethical dilemmas. “We’re probably not having as much discussion as we should,” he said.

Not for police, government

Startups are forging their own paths. Brian Brackeen, the CEO of Miami-based facial recognition software company Kairos, has set a blanket policy against selling the technology to law enforcement or for government surveillance, arguing in a recent essay that it “opens the door for gross misconduct by the morally corrupt.”

Boston-based startup Neurala, by contrast, is building software for Motorola that will help police-worn body cameras find a person in a crowd based on what they’re wearing and what they look like. CEO Max Versace said that “AI is a mirror of the society,” so the company chooses only principled partners.

Also read: Thanks To Artificial Intelligence, Radio Journalist Regains His Voice

“We are not part of that totalitarian, Orwellian scheme,” he said. (VOA)