Hacking with Pictures II

Two years ago, I got all excited about visual inputs as a means of controlling computers. In particular, I got excited about the visual sphere as a means for illicit input — Computers you can hypnotize.

The thing that I find so appealing about retinal scanners is that it’s a technological re-imagining of the salt-of-the-earth gut-check folk wisdom of the need to look someone in the eyes. The machine peers into the depths of your soul and decides if you are who you really say you are and whether you should be allowed in.

Unless, of course, you are a guard rendered unconscious by the super-agent and dragged up to the scanner. Or you are a super-agent in possession of a scan of someone’s eye.

One way or another, the door gets opened.

I’m pleased to report that, two years later, there’s a video where someone uses a picture of himself to fool Android 4.0’s facial recognition lock screen technology.

More to the point:

Re. Android facial unlocking: Bigger danger is cops can hold your face in front of your phone upon arrest. #EFF

Jonathan Steigman @MagicPeaceLove

Meanwhile, here’s some malware straight from Russia that was hidden in a QR code. It’s a Trojan, meaning that in order to run it, you have to give it permission to access your SMS, but that’s just the problem, isn’t it? QR codes aren’t human-readable, so its hard to trust and verify them. You have to let them do their thing to find out what they are.