
Selfies and Vanity - Social Engineering Data Collection - Prefetching Biometric Data

How many of you would like to know what your age is according to a computer? How many of you would like to know who your celebrity look-alike is? Did you try one of those web apps? How about the mobile app? Wow! You look like that actor?! Congratulations! Wait, we have ten other friends who look like that actor? What a boring world it would be if thousands of you actually looked like one famous actor!
Seriously though, it is just sad how gullible people are. The app didn't even try to properly score a similarity factor. It is sad that people just gave some other people one of the most identifiable factors about them. And the most common excuse: it is just harmless fun. Fun and vanity are among the many frailties that threat actors (hackers, scammers) can exploit or use against us. Yes, our search for fun and validation can easily be used against us.
Biometric authentication is gaining ground in everyday use. The commonplace fingerprint authentication is ... well, commonplace. It's not really passé yet, but the pressure on tech companies is high, so moving on to another technology or field of study for innovation is a much better option than releasing a product with features that people do not really see, such as improved security. Samsung, among many of the tech giants, began utilizing facial recognition for access to our devices years ago. Last year, we saw them use an iris scanner to unlock the phone. Several banks here in the Philippines are already testing facial recognition in their finance-related apps.
Why is it dangerous to use the web apps and mobile apps to see who your celebrity look-alike is? Well, let's say it again: because you are giving app owners a piece of information that can be used to unlock your device or account in the future. And because of how these kinds of apps are made available, you are giving them access to your Facebook account. Doing that is extremely to your disadvantage. We've explained in detail why it is important not to allow that in our Securing Your Data in Facebook - SocMed Privacy Best Practice - Part 1 and Securing Your Data in Facebook - SocMed Privacy Best Practice - Part 2. Reading those two articles will help you, but at this point you have no way of retrieving the information or data those applications pulled from your Facebook details.

What You Gave Away

You potentially gave away the following data:
  • Access to your photos and camera.
    • The app can read your photos and upload them while running in the background.
  • What you currently look like. This can be used to:
    • Unlock your devices.
  • An app that has the functionality to post on your Facebook wall likely also has the functionality to read other details about you:
    • Your birthday
    • Your phone number
    • Your email
    • Your family members
    • Your mother's maiden name

Will you really give this information freely to people soliciting it from you just because you want to hear that you look like this or that actor, or that you are pretty?

The information you potentially gave away can be used to get access to your bank account or any other account for that matter.

Harmless Fun, Variations of the Same Problem

Really? So here's some harmless fun for you.
This man does not look like Ann Curtis.
This lady does not look like Mike Enriquez.

By poking fun at what you did and providing variations, these apps distract you from thinking about what you could actually be doing or giving them.

What's So Bad About A Little Fun/Vanity

We can give you a broad answer for that broad question. You are giving way too much information to people you don't know. It all begins with the mindset. If we can convince people that cigarettes don't cause lung cancer, there will be more cigarette smokers. If we can convince you it's OK to give away identifiable and authentication information, then we'd have all the data needed to clean out your bank or other accounts.
No, you wouldn't really want someone to write a proof-of-concept attack to prove this. If a proof-of-concept exists, an attack already exists. And it will only be a matter of time before your data is made available in the open and underground information markets.
The entire idea here is that you do not give away information about yourself. An app that morphs your face into someone else's is easy to build, and it allows people to gather data that can be used against you.

Course of Action

Follow the safety practice explained in detail in a two-part article:
Do you want to be safe online? Do you want to make sure only you have access to your account? Keep data and details that can be used to authenticate you to yourself. It all begins with the right mindset. If in the future your account is hacked, you only have yourself to blame and you can't say no one ever warned you.
