:quality(75)/cloudfront-us-east-1.images.arcpublishing.com/elcomercio/UYZBU72JDZBJFKYUPQZEBI3LSM.jpg)
Spanish border controls have recently detected a threat called ‘morphing’, characterized by the computer manipulation of passport photographs and identity documents in order to falsify these documents and circumvent the facial biometric systems of security.
The so-called ‘smart borders‘ have been implemented in Spain since 2018, as recalled by the provider of identification, traceability and authentication solutions SICPA in a press release sent to Europa Press.
LOOK: LinkedIn, the new target of cybercriminals and their phishing campaigns
The first biometric system was installed that year in various controls located in different parts of the country, such as ports, airports and even highways. This identification procedure integrates a series of factors, ranging from the facial and fingerprint registration to the scanning of the passport and the consultations in the national and international police databases.
This technological advance has given rise to the development of techniques aimed at falsification of personal profiles. Among them, the so-called ‘morph’computer method used by mafias to make a transition between two different images, impersonate identities and overcome biometric controls.
This technology has been accompanied by the pandemic, which “has led to a growth in companies that have adopted online registration as their offices are closed, creating an environment that is more susceptible to this type of attack”, commented the director of Authentication of WatchGuard Technologies, Alex Cagnoni, in statements collected by Europa Press.
Thanks to ‘morph’criminals can travel freely through borders and customs, in addition to releasing smartphones and entering web pages containing confidential data of their victims.
For his part, the threat researcher and head of the Trend Micro Iberia research team, David Sancho, has revealed that attempts to enter European borders with manipulated passports have already been detected. ‘morph’.
LOOK: How did your contacts save you? Risks of suspicious applications
How is ‘morphing’ used?
The techniques used to carry out the process of ‘morph’ they lean on the Artificial Intelligence (AI) in a similar way to the ‘deepfakes’who use this technology to create fake content, according to Sancho.
The procedure consists of “interpolating images to form a spectrum in which each of the two starting photographs are at the extremes”, he pointed out.
To create this spectrum of intermediate images, a series of algorithms are used that distort the image pixel by pixel, with the aim of making it look like the final image. This is repeated until, after a series of iterations, the transition is complete and the final, apparently original and unmodified image is obtained.
LOOK: Cybersecurity: the Pegasus case triggers cell phone searches without Internet
The most used algorithm to carry out transitions with two different images is the Beier-Neelywhich owes its name to its two creators, Thad Beier and Shawn Neely.
After carrying out this process, an image will be generated between the original and the modified model that “is half of one and half of the other” and, therefore, must resemble “the two original photographs”, according to the person in charge of the team Research Trend Micro Iberia.
To know exactly which one to keep from that spectrum of photographs, the expert points out that there are different software programs that automate this process, such as Adobe After Effectsas well as websites such as MorphThing.
How to protect yourself from ‘morphing’?
This researcher has also ensured that, in case someone loses their passport or someone steals it, “normally, its owner files a complaint and thus prevents entry to a country.” However, this measure would not be enough and “would not be of much use if the document is used for other purposes, such as create false identities with bank accounts”, added Sancho.
In turn, this researcher considers that digital control at border posts is an aspect that the different countries must take into account, in addition to visually validating the entry and exit of people at the borders. “It needs to be done electronically, not with the naked eye. It is a technical challenge that can cause a delay at the border posts”, he argued.
LOOK: Systems ‘in the cloud’ of companies are used for cryptocurrency mining
For his part, Cagnoni has advised victims to make sure “that they provide up-to-date photos for any new documents” in order to avoid being victims of the attack. ‘morph’. In addition, it has recommended both companies, governments and border controls “take good measures to verify identity, such as a more comprehensive analysis of the live face or a more precise analysis of facial geometries”.
In this sense, it is also necessary to implement two-factor authentication. On the one hand, the face biometrics and, on the other, a confirmation message sent to the user’s mobile phone. “If one factor is compromised, there is still another to check,” she has assured.
LOOK: Is a world without passwords possible? Apple, Google and Microsoft are already on their way to it
How do I reinforce the security of my information?
To reinforce the security and integrity of citizens, SICPA experts have developed a system that takes the original photograph of an identity document (DNI, passport or identity card) and converts it into a ‘visualhash’.
This 20-byte encrypted code integrates a series of cryptographic algorithms that are embedded in a secure QR code. This procedure is capable of preventing subsequent falsifications as it is a unidirectional process, since the QR cannot go the other way and become the original photograph.
This firm specializing in security solutions has highlighted that its procedure also facilitates the exchange of information between countries due to the size of the ‘visualhash’. Likewise, it has ensured that thanks to this method the biometric verification processes in the border controls of the different states can be speeded up.
Source: Elcomercio
