Category: Security

Posted on

Final Project Post: Hackerman

Project Title: Hackerman

Project Team: Me, Myself and I

One Sentence: On-premises vulnerability assessment tools.

Video:

[Note: The entire state of Wisconsin, can’t handle the level of cheese in this video]

Final Poster:

Description of what project does and how it works:

The purpose of the hackerman jacket is to reveal security flaws in the infrastructure of a physical location, it accomplishes this with three tools. The first tool is the RFID theif that uses a basic RFID reader in combination with a micro controller to copy the hash map of a 13.56 Mghz tag and paste it onto a blank card. The second tool is the bash bunny that is made up by a raspberry pi zero w with some push buttons and a DIP switch. This raspberry pi was programmed to be recognized as a keyboard, mouse or some other external device by the victim machine and then I could select one of my payloads on the DIP switch which would then execute on the host machine. The third tool is the Pumpkin Pi which was a retrofitted raspberry pi 3b+ with wifi adapters that was programmed to set up a fake access point, once a victim connects to it I can monitor their internet traffic if it is unencrypted. The hope is that when these tools are used in tandem, one could achieve more in a assessment then on their own.

Overall Feelings Project:

Overall I am disappointed with myself in my en devours with this project. I knew that doing such a hardware focused project would be difficult as I did not have experience in it before, but I did not expect such unreliable performance and extreme difficulty. I had to cut back the versatility of these tools to start with due to my inability to obtain the hardware for greater uses, which already limited the scope of my project. However, the most saddening part was that one of my tools was completely bricked right before the showcase and I had to restart my software work on my pumpkin pi at least 12 times due to me crashing the SD card on it. The fact that I couldn’t get two of three tools reliably working was overall a disappointment for the whole project.

How well did the project meet original project description and goals:

Technically speaking I did set accomplish what I set out to do. All of the tools that I originally wanted to make, were made and did work in a limited function. However, like I have been saying before I did not make these tools better then their commercial counter parts, rather I downgraded all of their versatility and increased their sizes, so this aspect of my original intentions were failed to be realized. In addition to this I intended for my tools to be easily taken in or out of the jacket, but this did not happen due to my difficulties with 3-D printing, my tools ended up being permanently attached to my jacket.

Largest hurdles and how they were overcome:

My biggest hurdles were definitely all my hardware challenges. I did not know how to solder, how to put a circuit together, how to 3-D print, all of these things were brand new to me. To overcome these challenges I spent a lot of time experimenting and training myself in the ways of soldering (purchased my own solder gun and ruined many good circuit boards). For this and the 3-D printing my main method for coping with these hurdles was simply trial and error and to my surprise this kinda worked, I did get all my circuits together, on and working (kinda). Even though that some of these tools broke I still consider these challenges overcome.

If I had more time:

If I had more time I would have acquired more versatile hardware and made my tools accomplish the scope that I set out for. In addition to this if I had more time I would have had more chances to get my holders/inserts for my tools the perfect size (and they would have been finally removable and protected!). In addition to this I wish I had more time to come up with a better demonstration for these tools instead of them just (working). Maybe this could have been a well shot video of all of these tools working in tandem in a real life scenario would have been easy to show.

Material List:

Part Price Quantity Link
wireless network adapter $28.50 1 https://www.amazon.com/gp/product/B0035OCVO6/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
Ethernet cable $3 1 https://www.amazon.com/AmazonBasics-RJ45-Cat-6-Ethernet-Patch-Cable-5-Feet-1-5-Meters/dp/B00N2VILDM/?tag=whtnb-20
Raspberry Pi 3 or 3 B+ $38.10 1 https://www.amazon.com/ELEMENT-Element14-Raspberry-Pi-Motherboard/dp/B07BDR5PDW/?tag=whtnb-20
microSD card $6.85 1 https://www.amazon.com/SanDisk-microSDHC-Standard-Packaging-SDSQUNC-032G-GN6MA/dp/B010Q57T02/?tag=whtnb-20
power source (Enokay Power Supply for Raspberry Pi 5V 2.5A Micro USB Charger Adapter with On Off Switch) $8.59 1 https://www.amazon.com/Enokay-Supply-Raspberry-Charger-Adapter/dp/B01MZX466R/?tag=whtnb-20
USB keyboard/mouse interface (Rii Mini Wireless 2.4GHz Keyboard with Mouse Touchpad Remote Control, Black (mini X1)) $16.99 1 https://www.amazon.com/gp/product/B00I5SW8MC/?tag=whtnb-20
SD card adapter $7.99 1 https://www.amazon.com/Vanja-standard-Connector-Notebooks-Smartphones/dp/B00W02VHM6/?tag=whtnb-20
Raspberry Pi Zero Wifi $10.00 1 https://www.adafruit.com/category/933?src=raspberrypi
Pi Zero USB Stem $5.00 1 https://shop.pimoroni.com/products/zero-stem-usb-otg-connector
2 x Tactile Push Button Switch With LED lights $3.00 1 https://www.aliexpress.com/item/5PCS-1-set-12X12X7-3-Tactile-Push-Button-Switch-Momentary-Tact-LED-5-Color-12X12X7-3mm/32873551440.html?spm=2114.search0104.3.2.3b0241a0ILdgzL&ws_ab_test=searchweb0_0,searchweb201602_5_10065_10130_10068_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_10307_537_536_10902_10059_10884_10887_321_322_10103,searchweb201603_58,ppcSwitch_0&algo_expid=0747bf75-f245-43c5-a0c1-4966ea4078a8-0&algo_pvid=0747bf75-f245-43c5-a0c1-4966ea4078a8&transAbTest=ae803_5
DIP switch with 4 switches $3.00 1 https://www.aliexpress.com/item/10pcs-lot-Slide-Type-SMT-SMD-Dip-Switch-2-54mm-Pitch-2-Row-4-Pin-2/32956815576.html?spm=2114.search0104.3.3.4c971641sXqPaV&ws_ab_test=searchweb0_0,searchweb201602_5_10065_10130_10068_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_10307_537_536_10902_10059_10884_10887_321_322_10103,searchweb201603_58,ppcSwitch_0&algo_expid=60dfe6ec-dd9e-4db7-93f0-5f94aec30ef4-0&algo_pvid=60dfe6ec-dd9e-4db7-93f0-5f94aec30ef4&transAbTest=ae803_5
2 x 330R resistors HAVE 1
MFRC522 RFID reader module $5.49 1 https://www.amazon.com/gp/product/B01CSTW0IA/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
MIFARE 1K RFID card (with changeable UID, 13.56Mhz) Included 1
some RFID card to copy (only 13.56Mhz cards can be read/written by this particular card reader module) Included 1
Tactile Touch Push Button Switch Tact Switches 6 X 6 X 5mm Included 1
LEDs (red, yellow, green) + resistors (1k ohm) $7.00 1 https://www.amazon.com/gp/product/B01ER728F6/ref=ppx_od_dt_b_asin_title_s02?ie=UTF8&psc=1
3 AA batteries (1.5V each) HAVE 1
2 zener diodes (3.7V) or (3.6V) $8.00 1 https://www.amazon.com/gp/product/B07BTKVRG8/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
switch (3 Terminals ON/ON 2 Positions SPDT Electronic Push Button Sliding Switches) $5.00 1 https://www.amazon.com/gp/product/B0799R529Z/ref=ppx_od_dt_b_asin_title_s02?ie=UTF8&psc=1
cables, hot glue, tape (30AWG Insulated Silver Plated Single Core Copper PCB 0.25mm Kynar Wrapping Wire) $5.00 1 https://www.amazon.com/gp/product/B07M7BHKRV/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
Arduino Pro Micro 5V $20.89 1 https://www.amazon.com/gp/product/B01MTU9GOB/ref=ppx_yo_dt_b_asin_title_o04_s00?ie=UTF8&psc=1
PCB Prototyping Board $10.00 1 https://www.amazon.com/gp/product/B072Z7Y19F/ref=ppx_od_dt_b_asin_title_s02?ie=UTF8&psc=1
Solder Gun $67.98 1 https://www.amazon.com/gp/product/B01MDTO6X7/ref=ppx_yo_dt_b_asin_title_o06_s00?ie=UTF8&psc=1
Desoldering Gun and Desoldering Wick $7.69 1 https://www.amazon.com/gp/product/B07BB8DGMP/ref=ppx_yo_dt_b_asin_title_o07_s00?ie=UTF8&psc=1
Battery Pack For Raspberry Pi 3 B+ $25.25 1 https://www.amazon.com/gp/product/B07BSG7V3J/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1

 

Posted on

Project Post #2: Michael Leykin

Project Title: Penetration of Endpoints and Networks Infiltration System

Project Team: Me, myself and I.

Weekly Accomplishments:

  • Research into methodology for creating these tools
    • Mainly looking into a way to read and write RFID badges reliably without having to trust some sketchy manufacturer
      • I am having a lot of trouble with this, doesn’t seem to be a clean way to do this with established products
    • Found plenty of guides and parts lists for building a custom bash bunny
      • https://blog.hackster.io/build-an-affordable-bash-bunny-with-a-raspberry-pi-zero-w-11a4abf7bde5
      • https://www.cron.dk/poor-mans-bash-bunny/
    • Again lots of established guides for building rogue access points
Posted on

Project Post #6: Michael Leykin

Project Title: Penetration of Endpoints and Networks Infiltration System

Project Team: Me, Myself and I

One Sentence: On-premises vulnerability assessment tool.

Weekly Accomplishments + Pics:

I have designed the parts for the covers for the first two parts and these are ready for printing. I have also taped down the RFID theif into one shape.

Material List:

 

Part

 Price Quantity Link
wireless network adapter $28.50 1 https://www.amazon.com/gp/product/B0035OCVO6/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
Ethernet cable $3 1 https://www.amazon.com/AmazonBasics-RJ45-Cat-6-Ethernet-Patch-Cable-5-Feet-1-5-Meters/dp/B00N2VILDM/?tag=whtnb-20
Raspberry Pi 3 or 3 B+ $38.10 1 https://www.amazon.com/ELEMENT-Element14-Raspberry-Pi-Motherboard/dp/B07BDR5PDW/?tag=whtnb-20
microSD card $6.85 1 https://www.amazon.com/SanDisk-microSDHC-Standard-Packaging-SDSQUNC-032G-GN6MA/dp/B010Q57T02/?tag=whtnb-20
power source (Enokay Power Supply for Raspberry Pi 5V 2.5A Micro USB Charger Adapter with On Off Switch) $8.59 1 https://www.amazon.com/Enokay-Supply-Raspberry-Charger-Adapter/dp/B01MZX466R/?tag=whtnb-20
USB keyboard/mouse interface (Rii Mini Wireless 2.4GHz Keyboard with Mouse Touchpad Remote Control, Black (mini X1)) $16.99 1 https://www.amazon.com/gp/product/B00I5SW8MC/?tag=whtnb-20
SD card adapter $7.99 1 https://www.amazon.com/Vanja-standard-Connector-Notebooks-Smartphones/dp/B00W02VHM6/?tag=whtnb-20
Raspberry Pi Zero Wifi $10.00 1 https://www.adafruit.com/category/933?src=raspberrypi
Pi Zero USB Stem $5.00 1 https://shop.pimoroni.com/products/zero-stem-usb-otg-connector
2 x Tactile Push Button Switch With LED lights $3.00 1 https://www.aliexpress.com/item/5PCS-1-set-12X12X7-3-Tactile-Push-Button-Switch-Momentary-Tact-LED-5-Color-12X12X7-3mm/32873551440.html?spm=2114.search0104.3.2.3b0241a0ILdgzL&ws_ab_test=searchweb0_0,searchweb201602_5_10065_10130_10068_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_10307_537_536_10902_10059_10884_10887_321_322_10103,searchweb201603_58,ppcSwitch_0&algo_expid=0747bf75-f245-43c5-a0c1-4966ea4078a8-0&algo_pvid=0747bf75-f245-43c5-a0c1-4966ea4078a8&transAbTest=ae803_5
DIP switch with 4 switches $3.00 1 https://www.aliexpress.com/item/10pcs-lot-Slide-Type-SMT-SMD-Dip-Switch-2-54mm-Pitch-2-Row-4-Pin-2/32956815576.html?spm=2114.search0104.3.3.4c971641sXqPaV&ws_ab_test=searchweb0_0,searchweb201602_5_10065_10130_10068_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_10307_537_536_10902_10059_10884_10887_321_322_10103,searchweb201603_58,ppcSwitch_0&algo_expid=60dfe6ec-dd9e-4db7-93f0-5f94aec30ef4-0&algo_pvid=60dfe6ec-dd9e-4db7-93f0-5f94aec30ef4&transAbTest=ae803_5
2 x 330R resistors HAVE 1
MFRC522 RFID reader module $5.49 1 https://www.amazon.com/gp/product/B01CSTW0IA/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
MIFARE 1K RFID card (with changeable UID, 13.56Mhz) Included 1
some RFID card to copy (only 13.56Mhz cards can be read/written by this particular card reader module) Included 1
Tactile Touch Push Button Switch Tact Switches 6 X 6 X 5mm Included 1
LEDs (red, yellow, green) + resistors (1k ohm) $7.00 1 https://www.amazon.com/gp/product/B01ER728F6/ref=ppx_od_dt_b_asin_title_s02?ie=UTF8&psc=1
3 AA batteries (1.5V each) HAVE 1
2 zener diodes (3.7V) or (3.6V) $8.00 1 https://www.amazon.com/gp/product/B07BTKVRG8/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
switch (3 Terminals ON/ON 2 Positions SPDT Electronic Push Button Sliding Switches) $5.00 1 https://www.amazon.com/gp/product/B0799R529Z/ref=ppx_od_dt_b_asin_title_s02?ie=UTF8&psc=1
cables, hot glue, tape (30AWG Insulated Silver Plated Single Core Copper PCB 0.25mm Kynar Wrapping Wire) $5.00 1 https://www.amazon.com/gp/product/B07M7BHKRV/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
Arduino Pro Micro 5V $20.89 1 https://www.amazon.com/gp/product/B01MTU9GOB/ref=ppx_yo_dt_b_asin_title_o04_s00?ie=UTF8&psc=1
PCB Prototyping Board $10.00 1 https://www.amazon.com/gp/product/B072Z7Y19F/ref=ppx_od_dt_b_asin_title_s02?ie=UTF8&psc=1
Solder Gun $67.98 1 https://www.amazon.com/gp/product/B01MDTO6X7/ref=ppx_yo_dt_b_asin_title_o06_s00?ie=UTF8&psc=1
Desoldering Gun and Desoldering Wick $7.69 1 https://www.amazon.com/gp/product/B07BB8DGMP/ref=ppx_yo_dt_b_asin_title_o07_s00?ie=UTF8&psc=1
Battery Pack For Raspberry Pi 3 B+ $25.25 1 https://www.amazon.com/gp/product/B07BSG7V3J/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1

Areas of Concern: Still need to figure out a way to boost my wifi pumpkin to be more powerful and need to find a way to effectively demonstrate my tools, may be difficult without getting into technicalities. I am also concered about my covers fitting onto my parts. Everything is coming together but I am still having some last roadblocks.

Posted on

Project Post #4: Michael Leykin

Project Title: Penetration of Endpoints and Networks Infiltration System

Project Team: Me, myself and I

Weekly Accomplishments + Images:

Finished Soldering For Bash Bunny:

All soldering DONE!

Spent time this weekend, building my rouge WiFi network and got it to work and have an idea to make it mobile:

Material List:

 

Part

 Price Quantity Link
wireless network adapter $28.50 1 https://www.amazon.com/gp/product/B0035OCVO6/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
Ethernet cable $3 1 https://www.amazon.com/AmazonBasics-RJ45-Cat-6-Ethernet-Patch-Cable-5-Feet-1-5-Meters/dp/B00N2VILDM/?tag=whtnb-20
Raspberry Pi 3 or 3 B+ $38.10 1 https://www.amazon.com/ELEMENT-Element14-Raspberry-Pi-Motherboard/dp/B07BDR5PDW/?tag=whtnb-20
microSD card $6.85 1 https://www.amazon.com/SanDisk-microSDHC-Standard-Packaging-SDSQUNC-032G-GN6MA/dp/B010Q57T02/?tag=whtnb-20
power source (Enokay Power Supply for Raspberry Pi 5V 2.5A Micro USB Charger Adapter with On Off Switch) $8.59 1 https://www.amazon.com/Enokay-Supply-Raspberry-Charger-Adapter/dp/B01MZX466R/?tag=whtnb-20
USB keyboard/mouse interface (Rii Mini Wireless 2.4GHz Keyboard with Mouse Touchpad Remote Control, Black (mini X1)) $16.99 1 https://www.amazon.com/gp/product/B00I5SW8MC/?tag=whtnb-20
SD card adapter $7.99 1 https://www.amazon.com/Vanja-standard-Connector-Notebooks-Smartphones/dp/B00W02VHM6/?tag=whtnb-20
Raspberry Pi Zero Wifi $10.00 1 https://www.adafruit.com/category/933?src=raspberrypi
Pi Zero USB Stem $5.00 1 https://shop.pimoroni.com/products/zero-stem-usb-otg-connector
2 x Tactile Push Button Switch With LED lights $3.00 1 https://www.aliexpress.com/item/5PCS-1-set-12X12X7-3-Tactile-Push-Button-Switch-Momentary-Tact-LED-5-Color-12X12X7-3mm/32873551440.html?spm=2114.search0104.3.2.3b0241a0ILdgzL&ws_ab_test=searchweb0_0,searchweb201602_5_10065_10130_10068_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_10307_537_536_10902_10059_10884_10887_321_322_10103,searchweb201603_58,ppcSwitch_0&algo_expid=0747bf75-f245-43c5-a0c1-4966ea4078a8-0&algo_pvid=0747bf75-f245-43c5-a0c1-4966ea4078a8&transAbTest=ae803_5
DIP switch with 4 switches $3.00 1 https://www.aliexpress.com/item/10pcs-lot-Slide-Type-SMT-SMD-Dip-Switch-2-54mm-Pitch-2-Row-4-Pin-2/32956815576.html?spm=2114.search0104.3.3.4c971641sXqPaV&ws_ab_test=searchweb0_0,searchweb201602_5_10065_10130_10068_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_10307_537_536_10902_10059_10884_10887_321_322_10103,searchweb201603_58,ppcSwitch_0&algo_expid=60dfe6ec-dd9e-4db7-93f0-5f94aec30ef4-0&algo_pvid=60dfe6ec-dd9e-4db7-93f0-5f94aec30ef4&transAbTest=ae803_5
2 x 330R resistors HAVE 1
MFRC522 RFID reader module $5.49 1 https://www.amazon.com/gp/product/B01CSTW0IA/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
MIFARE 1K RFID card (with changeable UID, 13.56Mhz) Included 1
some RFID card to copy (only 13.56Mhz cards can be read/written by this particular card reader module) Included 1
Tactile Touch Push Button Switch Tact Switches 6 X 6 X 5mm Included 1
LEDs (red, yellow, green) + resistors (1k ohm) $7.00 1 https://www.amazon.com/gp/product/B01ER728F6/ref=ppx_od_dt_b_asin_title_s02?ie=UTF8&psc=1
3 AA batteries (1.5V each) HAVE 1
2 zener diodes (3.7V) or (3.6V) $8.00 1 https://www.amazon.com/gp/product/B07BTKVRG8/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
switch (3 Terminals ON/ON 2 Positions SPDT Electronic Push Button Sliding Switches) $5.00 1 https://www.amazon.com/gp/product/B0799R529Z/ref=ppx_od_dt_b_asin_title_s02?ie=UTF8&psc=1
cables, hot glue, tape (30AWG Insulated Silver Plated Single Core Copper PCB 0.25mm Kynar Wrapping Wire) $5.00 1 https://www.amazon.com/gp/product/B07M7BHKRV/ref=ppx_od_dt_b_asin_title_s01?ie=UTF8&psc=1
Arduino Pro Micro 5V $20.89 1 https://www.amazon.com/gp/product/B01MTU9GOB/ref=ppx_yo_dt_b_asin_title_o04_s00?ie=UTF8&psc=1
PCB Prototyping Board $10.00 1 https://www.amazon.com/gp/product/B072Z7Y19F/ref=ppx_od_dt_b_asin_title_s02?ie=UTF8&psc=1
Solder Gun $67.98 1 https://www.amazon.com/gp/product/B01MDTO6X7/ref=ppx_yo_dt_b_asin_title_o06_s00?ie=UTF8&psc=1
Desoldering Gun and Desoldering Wick $7.69 1 https://www.amazon.com/gp/product/B07BB8DGMP/ref=ppx_yo_dt_b_asin_title_o07_s00?ie=UTF8&psc=1
Battery Pack For Raspberry Pi 3 B+ $25.25 1 https://www.amazon.com/gp/product/B07BSG7V3J/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1

Areas of Concern:

I am having trouble making my rouge wifi network fast enough to connect to with just the internal wifi adapter and external adapter alone, I am looking into solution but I could use some advice here. I will be doing the software for the rest of my devices this week so I am sure I will run into problems there as well.

Posted on

Michael Leykin: Initial Project Pitch

Name: Michael Leykin

Idea#1: Defense

The 3-factor Bluetooth authentication bracelet!

Sketch:

Purpose: Add additional layers of security to any physical device.

Project is meant to be a pragmatic solution for companies with large number of workstations.

How It Would Work: After application is installed on machine, the Bluetooth bracelet would calibrate to identify you, then from then on, you would have to have the bracelet on when logging into your machine.

Confident Skills: Programming, security knowledge.

Not Confident Skills: Product design, hardware design, electrical engineering and bio metric sensors.

Idea#2: Offense

Penetration of

Endpoints and

Networks

Infiltration

System

Sketch:

Purpose: To perform a vulnerability assessment on a physical location/organization.

This project is not pragmatic at all, the only legitimate use for such a project would be for malicious purposes, so this is mainly experimental and playful.

Again, the only people I could see using this would be a malicious actor or a very dedicated security team.

How it would work: The wearer of this jacket could use a multitude of the pen testing tools present in this jacket to gain a variety of information to send back to your home machine (password hashes, metadata from workstations…etc).

Confident Skills: Programming, Pen testing tool knowledge.

Non-confident Skills: Component integration into a garment, sewing.

 

Posted on

Adversarial Temporary Tattoo – John Compas

Adversarial Temporary Tattoo

Fooling AI for the price of a sticker

John Compas

Abstract

Researchers have consistently demonstrated over the past three or four years that image and facial recognition techniques are highly susceptible to attack. Many are not designed to be robust in such a manner, making them vulnerable. I aim to create temporary tattoos or other articles of clothing that can disguise the wearer from facial or object recognition. Potentially, this tattoo could not only obscure the wearer but force the AI to classify them as a different person or object.

Technical Details

Researchers at Carnegie Mellon showed two years ago that it was possible to create psychedelic looking glasses that could massively impact how that person’s face was classified by AI [1].  Since then a number of different studies have had similar success attacking classifiers using a variety of techniques. An open source project dedicated to this idea, CVDazzle, has produced many “anti faces” to conceal the wearer. However, both Carnegie Mellon and CVDazzle’s techniques are relatively human obvious. I aim to create a temporary tattoo while looking “normal” has slight, human undetectable modifications that obfuscate the user’s face or body to image detection algorithms. This has been done by [2] although solely on a pixel-by-pixel basis and not in the real world.

[3] Turning a banana into a toaster

 

A team at Google found that a small patch, applied near an object, could disrupt image classifiers. Many of these techniques counted on access to the internal workings of the classification algorithm to work, however. In [4] a team from MIT showed that a “black box” approach to attack Google’s Cloud Vision. With an evolutionary algorithm, they were able to reduce the time taken to obfuscate an image by multiple orders of magnitude. Using a combination of the aforementioned techniques, I would aim to create patterns for temporary tattoos. Ultimately, the goal would be a tattoo that would be innocuous to humans, yet potent to a classification algorithm.

An example: what you see, what Google’s Cloud Vision or FaceID sees

Actually fabricating the tattoos would be trivial. Tattoo paper is cheap and widely available for use with color printers. Likely the most challenging aspect of the project would be to translate simulated pattern success into a real-world demonstration where the lighting and shadows are inconsistent.

Potentially, other objects and fabrics could be demonstrated, but their fabrication is more challenging.

Goals

The purpose of this project is more experimental. Attempts will be made to make these tattoos look normal, but the main purpose will be to successfully attack commercial face recognition technology.

Applications

The implications of this technology, if successful, are widespread. By simply concealing a wearer’s face, security technology at airports and face-ID technology in large cities like London or New York could be massively compromised for little investment.

If fooling a classifier into recognizing you as a different person is also possible, a whole host of new vulnerabilities are exposed. For example, if Apple’s face ID can be exploited, phones and iPads would instantly be vulnerable.

Confident Skills:

Programming (variety of languages)

Hardware Design, PCB Layout

3D Printing

Laser Cutting

Not Confident:

Sewing

Clothing Design

AI

References

[1] https://www.cs.cmu.edu/~sbhagava/papers/face-rec-ccs16.pdf

[2] https://arxiv.org/pdf/1804.04779.pdf

[3] https://arxiv.org/pdf/1712.09665.pdf

[4] https://arxiv.org/pdf/1712.07113.pdf