Imagine that you leave your iPhone on a table in the restaurant. Someone can easily take it and access all the information inside your phone. All your emails, contacts, photos and even financial information are exposed. A disaster, isn’t it? Not really, as this is unlikely to happen since the latest iPhone has FaceID technology capable of identifying the owner’s face with an error rate of only one out of a million. You can rest assured that engineers in technology companies work hard to make your device safe. However, the techniques of spoofing attacks have also been upgraded quickly and the danger of devices being hacked has never faded.
A spoofing attack is a scenario in which a person or a piece of a program disguises as another by falsifying information, to gain access to valuable data, spread malware through infected links or attachments, bypass network access controls and so on. Spoofing can be done to hardware, software, emails, phone calls, websites, IP addresses, etc.
A notable example is the Fake Wi-Fi hotspots. Millions of people use public Wi-Fi networks on their mobile devices in airports, restaurants and while they are traveling. In a public place that offers Wi-Fi, you may notice multiple networks available to join and decide to pick a name that best suits your needs, such as “xx Free Wi-Fi”. What you may not know is that it could be a fake Wi-Fi hotspot set up by a hacker. Once you connect to it and use it to read emails and bank online, the hacker will see and steal your information. To avoid any potential damage, you need to protect your data and here are a few suggestions: double-check the Wi-Fi you are connecting is legitimate by looking at the server name; has the discipline to use only the websites with additional security features such as HTTPS; use the apps provided by banks and institutes and they typically provide more protections over public networks; and at last, using a VPN when it is applicable would act as a safeguard against spoofers.
Face recognition has been popular in the latest mobile devices and is also being adopted by public places for security and payment purposes. Inevitably it also becomes a point of interest for hackers. In order to spoof attack the facial recognition mechanism in a device, a hacker has to obtain a victim’s 3D facial data and fabricate a fake face to trick the device. As facial data becomes more useful there could be many ways for a hacker to steal it, such as hacking into the cloud, using fake apps or simply setting up a 3D camera in a public space to take it. The 3D printing technology today has been advanced so that printing head avatars in fine detail is not an insurmountable challenge. A study done by Forbes in 2018 has shown that 3 of 5 phones tested have been successfully fooled by the 3D printed head. As usual, technology has been evolving quickly to address the problem, notably the attention awareness used in iPhone as well as the eye blinking monitoring. However, there are still reports of the latest phones being tricked by spoofing attacks. It should bring people’s attention that the facial data is a piece of important privacy information to be protected. Awareness of these risks is the key to being safer.