back to article Pair accused of turning photos into vids to crack tax dept facial recognition system in China

A duo in China has been accused of tricking a government-run identity verification system to create fake invoices. According to state-controlled outlet Xinhua, the suspects tricked the State Taxation Administration platform’s identity verification system by manipulating high-def photos with a widely available app that turns …

  1. Dan 55 Silver badge

    And what are the UK's internal vaccine passports going to use?

    I'll give you a guess...

    Vaccine certificates are ‘ID cards on steroids’

    Filings seen by the Telegraph revealed grants to develop the scheme, worth a total £450,000, on key aspects needed to get it up-and-running: verification and storage of digital certificates, facial recognition technology, proof of ‘covid credentials’, apps, accreditation platforms for large events.

    1. Chris G

      Re: And what are the UK's internal vaccine passports going to use?

      I can't imagine Michael Gove trying to be charming, sounds creepy to me.

      I also can't imagine Vax passports being run efficiently, considering that vaccination does not mean you can't catch vivid, does not mean you can't be a spreader and in addition the levels and reliability of regular testing have neither the infrastructure or a short enough response time to be effective.

      Still it would create jobs, join the sanitary plod anyone?

      1. Anonymous Coward
        Anonymous Coward

        Re: And what are the UK's internal vaccine passports going to use?

        And thus we see the actual reason for the hysteria.

      2. Blazde Silver badge

        Re: And what are the UK's internal vaccine passports going to use?

        "I can't imagine Michael Gove trying to be charming, sounds creepy to me"

        Profoundly creepy but also weirdly heartbreaking?

        https://youtu.be/gxN1eRtbb80?t=89

        "I came to discus the trade agreement.. and find love"

      3. batfink

        Re: And what are the UK's internal vaccine passports going to use?

        It's alright - they'll put Dido on the case.

        1. Anonymous Coward
          Anonymous Coward

          Re: And what are the UK's internal vaccine passports going to use?

          Providing that's Dido the singer then it might work out OK.

    2. Anonymous Coward
      Anonymous Coward

      Re: And what are the UK's internal vaccine passports going to use?

      The going rate for not developing COVID apps is £30million. Does that really say that they are going to spend less than £450,000 to develop an app? They won't even be able to design the icon for that kind of small change.

      1. martyn.hare
        Paris Hilton

        Simple, easy implementation

        One does not need a dedicated app, as the token can be stored and accessed using Wallet on iOS/Android and then the ‘passport reader’ can confirm compliance by contacting a dedicated server which stores the info.

        The reader would take a QR Code from a phone. It would then authenticate itself to the dedicated server which returns a passport style photo of the individual (with a watermark and small, random sections removed) and a notice showing the person has been independently verified as compliant. No name, no date of birth, no medical information is needed. If someone can’t be vaccinated for legitimate medical reasons, they would still show as compliant to avoid any form of discrimination. Anyone who isn’t compliant simply doesn’t show up, and it would be doctors who would create the passport record and store a copy of the UUID in a patient medical record each year, which is an independent, confidential system. The creation could be done by a webcam connected to a PC which authenticates to a web portal using TPM-backed client SSL client machine certificate plus credentials for each doctor (could be hooked into NHS Azure AD for simple, easy SSO).

        As this is just for COVID and we are talking about a disease which will be as seasonal as flu, old data could be purged from the system every year, and only minimal amounts of data would be stored in the first place (a UUID, a photo and a date).

        This means in the event of a compromise, people get photos of faces and that is it. People running the checks see your face (which is in front of them anyway) which gives away nothing more than you did by attempting to enter an establishment to begin with. Your privacy is preserved and if you don’t trust the government then this could be delegated to an independent organisation to ensure data segregation.

        Does this really need £30m? Paris says even Dropbox could get this right!

        1. Shady

          Re: Simple, easy implementation

          That’s desperately optimistic. I fully expect them to produce an app that shows a mugshot alongside a phrase such as “I haz had vaxxxine, innit”

          The Daily Fail will be first to break the story of how easily hackers can fake the app using Microsoft Paint. Microsoft will of course be monstered for selling a tool like Paint, which allows hardened crims to fake Vaccine Passports, the proceeds of which, an exclusive investigation can reveal, are used to fund human trafficking using hacked e-scooters

    3. Fruit and Nutcase Silver badge
      Trollface

      Re: And what are the UK's internal vaccine passports going to use?

      I would not be at all surprised if someone will con HMG/Cabinet Office tp parting no small amount on something along the lines of this device

      https://www.theregister.com/2013/05/02/mccormick_jailed_decade_fake_bomb_detectors/

      They'll say no need for vaccine passports as venues will be able to afford these cheap "covid detectors" and the test will be very sensitive and results immediate.

      And the government will rubber stamp the requisition on covid regulations without normal scrutiny and the con artists will be gone with the loot before the government realise they've been conned.

  2. sitta_europea Silver badge

    Yeah, but have they been arrested?

    1. Pascal Monett Silver badge

      I re-checked the article and you're right, there is nothing that specifically states the miscreants are in jail.

      So, good question. What is the answer ?

      1. Anonymous Coward
        Devil

        They've been assigned to a Chinese hacking group.

    2. x 7

      they'll become organ donors

      they've defrauded the state, that's a good way of getting the authorities very upset

      1. Anonymous Coward
        Anonymous Coward

        They're refunding the govt.

        One kidney at a time.

    3. teknopaul

      Not yet confirmed their identity, the Chinese government released 30,000 animated photofits, UK plod threw some A.I at the problem and arrested 3 black youths in the Wimbledon area called Mr Lee, Mr Liam and Mr Leroy.

    4. Michael Wojcik Silver badge

      It's cool, the prison has video of them being locked up, and facial recognition says it's legit.

  3. Mike 137 Silver badge

    Inevitable

    As such systems can't actually "see" images as humans see them but merely decide on the basis of statistical approximations to numerical digests of pixel value arrays, there's always going to be a way to fool them. The human capacity for intuitive suspicion is not yet understood (and no, FMRI data don't help here as it's not a matter of which bit of the brain is active, but what it's actually doing) so we can't build it into our machines. There are certain functions for which competent humans are invaluable, where machines at best perform like the very least perceptive and attentive of humans.

    1. Michael Wojcik Silver badge

      Re: Inevitable

      There are many very serious problems with extant facial-recognition and other ML-based computer-vision systems, but what you've written above is a bunch of vacant handwaving, frankly.

      Reducing modern ML model architectures to "statistical approximations of numerical digests" is about as meanginful as saying they're "arithmetic". It's not a useful description of the stacked ANN architectures that most of the approaches are deploying, with multiple layers of convolutional and fully-connected networks, often recurrent networks as well, and other functions.

      There's no evidence to support the argument that what the human visual system does is qualitatively different from "statistical approximations". And, yes, that includes Penrose's thesis, which is ambitious but fundamentally unpersuasive. (A type-4 doxastic reasoner can believe its own type-4 nature, specifically its inability to believe itself contradiction-free; that's isomorphic to a type-4 doxastic logic system proving its own type-4 nature, and that's isomorphic to proving the Incompleteness Theorem.)

      And there will always be a way to fool humans, too.

      I'm no fan of facial recognition, but I prefer to dislike it because of real, technical shortcomings, and not faith in hypothetical qualia like "intuitive suspicion".

  4. Pascal Monett Silver badge

    "China was an early adopter"

    And lo! So were the miscreants.

    Turning a picture into a video, nice lateral thinking there.

    1. Anonymous Coward
      Anonymous Coward

      Re: "China was an early adopter"

      Or conversely, poor forward thinking by the designers

      The law of unintended consquences will continue as per usual

      1. Wellyboot Silver badge

        Re: "China was an early adopter"

        >>>poor forward thinking by the designers<<<

        Possibly the designers were thinking 'who'd be smart enough to do this and still be dumb enough to actually try this on a chinese government site'.

        Reward - sudden unexplained increase in wealth within an almost fully automated monetary system.

        Risk - being caught stealing from the chinese government.

    2. Anonymous Coward
      Anonymous Coward

      Re: "China was an early adopter"

      "China was an early adopter"

      And we thank it for that, because that way the whole world will discover the failings of the "biometrics" fad, while we remain spared the hassle (and loss of possessions/freedom) it entails.

      1. Flocke Kroes Silver badge

        Re: "China was an early adopter"

        Stop thinking like a person and start thinking like a government. The amazing thing about a boondoggle that is utterly broken by the first design decision is after the project is very late, massively over budget and ridiculed for being thoroughly busted you can do exactly the same thing again for 10x the price.

        (Just in case there is someone out there who does not already know: biometrics==identification==user name, biometrics!=authentication==password. If you do not believe me, write your internet banking password on 100 post-it notes and stick one to each door handle you touch then change your finger prints.)

        1. teknopaul

          Re: "China was an early adopter"

          I thought the opposite, biometrics in tech did not give you and ID, they give you a rough idea of similarity to some prerecorded parameters.

          So while your real face may uniquely identify you, a computers facial recognition measures certain key points and distances and then when given an image or video is asked if this is a close enough match to a prerecorded set of points. In this case biometrics can _only_ authenticate and cannot provide an ID. I.e facial recognition software can only say is this a close match for subject A or B or C & not turn this face into a unique string or number, pass it around and have some other system use and be able to validate that ID.

          Just because you can't change it does not mean it cannot be used for auth. ref recent article on bank note fingerprinting.

  5. cornetman Silver badge
    Facepalm

    Using your face for verify identify in this fashion is just the same as using fingerprints. It is just not enough.

    It is akin to a userid, not a password.

    When are people going to understand this?

    1. Version 1.0 Silver badge

      It's a good illustration that every "secure" ID system is going to be hacked - sure, it's secure today but tomorrow? We'll just think that it's secure.

    2. ThatOne Silver badge

      > When are people going to understand this?

      Never, there is too much money in selling "biometric" solutions. To the layman it sounds sophisticated and infallible, with the right touch of "expensive 007 gadget" on top. Biometrics are (and will remain) a staple of movies wanting to illustrate highest security.

      The problem is that people always take everything at face value, and need education to know that the nice guy in the trench coat and the windowless panel van doesn't actually want to give you candy, or that the bridge/Ferrari some stranger wants to sell you at a street corner doesn't really exist (and so on). It will take ages, and many highly publicized disasters, before (some) people start realizing biometrics aren't the ultimate security.

  6. Anonymous Coward
    Anonymous Coward

    Couldn’t happen to a nicer government. Hope this marks the beginning of the end of the government obsession with tracking everything.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like