{"id":6905,"date":"2024-08-07T13:47:07","date_gmt":"2024-08-07T10:47:07","guid":{"rendered":"https:\/\/blog.eset.ee\/?p=6905"},"modified":"2024-08-07T13:54:14","modified_gmt":"2024-08-07T10:54:14","slug":"how-to-protect-your-phone-and-data-against-face-stealing-scams","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2024\/08\/07\/how-to-protect-your-phone-and-data-against-face-stealing-scams\/","title":{"rendered":"How To Protect Your Phone and Data Against Face Stealing Scams"},"content":{"rendered":"\n

Recently, facial recognition technologies have become an increasingly popular<\/a> tool for secure authentication, one praised for its convenience. When technology giants such as Apple popularized their Face ID technology for face authentication, which, in general, couldn’t be fooled by static photographs and encrypts users\u2019 facial data<\/a>, security concerns naturally dwindled to the point where even banks and the wider financial sector<\/a> now use facial recognition systems as a form of authorization.<\/p>\n\n\n\n

However, this \u201cgood news\u201d about technological progress may also create a false picture of biometric recognition as the ultimate tool for secure authentication. No more passwords, no more scams, no one can steal a 3D image of your natural face, right?<\/p>\n\n\n\n

Neither time nor cybersecurity practice stands still, so if you think that facial authentication alone will prevent you from being scammed or your device from being breached, read further to understand the limits to the security it can provide. In the latest ESET Threat Report H1 2024<\/a>, ESET researchers describe how adversaries use fake mobile apps to replace their own faces with those of their victims using AI face-swapping services. This method can be used by cybercriminals to gain unauthorized access to victims\u2019 accounts.<\/p>\n\n\n\n

The strongest protection lies in using combinations of security approaches \u2014 for example, leveraging facial authentication with multilayered cybersecurity technologies, including multifactor authentication (MFA) built with prevention in mind to avoid attacks before they can do any harm. ESET covers both consumers<\/a> and business users<\/a> with mobile device protection that combines AI, human expertise, and a prevention-first approach.<\/p>\n\n\n\n

Preferred security authentication<\/h3>\n\n\n\n

Biometrics have gained popularity among both consumers and businesses, largely around ease of use. In 2023, biometrics such as fingerprint or face scan were the most preferred security authentication<\/a> methods to access users\u2019 online accounts, apps, and smart devices. Biometric authentication was used by 27 percent of respondents among consumers in various countries.<\/p>\n\n\n\n

Another 2023 survey<\/a> found that nearly 60 percent of respondents among IT and cybersecurity leaders in the United States mentioned biometrics when asked what they were replacing or expecting to replace workplace passwords with.<\/p>\n\n\n\n

Facial recognition, also a part of the biometrics market, reflects public demand for this new technology. In 2022, the market was estimated<\/a> at roughly $5 billion and is expected to grow, reaching $19.3 billion by 2032.<\/p>\n\n\n\n

Since Apple\u2019s camera- and laser-based 3D face mapping<\/a> was introduced in 2017, big market players such as Samsung have also been considering new technologies such as Metalenz’s tools<\/a> that can read polarized photons and create an image of a specific face or even record a brief video skin signature.<\/p>\n\n\n\n

New attack vector<\/h3>\n\n\n\n

Nowadays, certain financial apps require that users record a brief video of their face from various angles using the front camera of their mobile device as a form of secure authentication. However, what was intended as an extra layer of security to prevent identity theft and fraudulent activities recently became another attack vector for cybercriminals.<\/p>\n\n\n\n

Group-IB\u2019s Threat Intelligence unit discovered<\/a> a previously unknown iOS Trojan GoldPickaxe.iOS, an imitation of legitimate Thai government applications such as Digital Pension for Thailand. These malicious apps collect identity documents, SMS, and facial recognition data. Likely to ensure the greatest catch of personal data, some member of the GoldPickaxe malware family is available for both iOS and Android platforms. Group-IB attributed the campaign to a Chinese-speaking cybercrime group called GoldFactory.<\/p>\n\n\n\n

This malware family is also detected by ESET security solutions.<\/p>\n\n\n\n

The GoldPickaxe Android version is distributed via websites posing as the official Google Play store. To distribute the iOS version, the threat actors use a multistage social engineering scheme to persuade victims to install a mobile device management (MDM) profile, which allows attackers to gain complete control over the victim\u2019s iOS device.<\/p>\n\n\n\n

For example, attackers pretended to be officials from the Thai Ministry of Finance approaching citizens claiming that the targeted users\u2019 elderly relatives were eligible for additional pension benefits. The victims were then persuaded to click on links to the criminals\u2019 websites to download an MDM profile.<\/p>\n\n\n\n

In this way, attackers can access victims’ facial recognition data without cracking Apple\u2019s privacy protection measures such as the Secure Enclave<\/a>, a hardware-based secure environment designed to keep sensitive user data. <\/p>\n\n\n\n

Creating deep fake videos<\/h3>\n\n\n\n

Once installed, GoldPickaxe prompts the victim to record a video as a confirmation method in the fake application. The recorded video is then used as raw material for the creation of deepfake videos facilitated by face-swapping artificial intelligence services.<\/p>\n\n\n\n

But that\u2019s not all, since the fake video would not be enough by itself to fool a bank\u2019s security and authentication systems. The malware also requests the victim\u2019s ID documents, intercepts SMS, and redirects traffic through the proxy server.<\/p>\n\n\n\n

GoldPickaxe does not directly perform unauthorized transactions from the victim\u2019s phone. Instead, it collects all the necessary information from the victim to autonomously access the victim\u2019s banking application.<\/p>\n\n\n\n

Group-IB researchers hypothesize that the cybercriminals use their own devices to log in to bank accounts, a tactic that was also confirmed by the Thai police.<\/p>\n\n\n\n

The importance of prevention<\/h3>\n\n\n\n

Considering the use of call centers, advanced malware, and AI for deepfake video production, it\u2019s clear that these cybercriminals put some effort into their attacks. This, however, doesn\u2019t mean that such threats cannot be stopped, especially with good prevention.<\/p>\n\n\n\n

Let\u2019s start with basic awareness principles:<\/strong><\/p>\n\n\n\n