622
this post was submitted on 28 Mar 2024
622 points (97.1% liked)
Technology
59605 readers
3501 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Just because you said this wouldn't work like SQL Injection, does not mean it won't. You don't know either. Have you worked on facial recognition databases? How do they store their data? Its most likely just a database. Then I would start by looking at steganography techniques to see how those can be applied. Obviously I'm not hiding an executable in there, but I don't see why you couldn't try for unsanitized input, you never know. Now if you want to continue into realism, you would just wear a full face mask outside. You also never answered my question about steganography.
Your question doesn't make any fucking sense in the context of attacking anything, steganography is encoding your message inside redundant encoding for something else.
So, about that word.
A "virus in an image" situation is for cases when a program which will open that image has some vulnerability the attacker knows about, so the image is formed specifically to execute some shellcode in this situation.
Same with "a virus in an MP3", some MP3 decoder has a known vulnerability allowing a shellcode.
Same with PDFs and anything else.
There are more high-level situations where programs with their own complex formats (say, DOCX which is a ZIP archive with some crap inside) execute stuff.
All this is not steganography.
Steganography is when, a dumb example, you have an image and you hide your message in lower bits of pixel color values. Or something like that with an MP3 file.
Attacks are a matter of probabilities, and "you never know" doesn't suffice.
So they're just storing all this facial data unencoded somewhere? Theres no way to figure that out? There is no sort of encoding/decoding going on with the facial data at all? Its impossible chief back it up the bots won? I don't think so man. People are gonna find all sorts of ways to fuck with this. Now you can join in the speculation or get expactorating all over this post. The choice is your's.
You seem to be talking to your imagination.