AVID-2023-V007
Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31
ATLAS Case Study
Summary
Clearview AI makes a facial recognition tool that searches publicly available photos for matches. This tool has been used for investigative purposes by law enforcement agencies and other parties.
Clearview AI's source code repository, though password protected, was misconfigured to allow an arbitrary user to register an account.
This allowed an external researcher to gain access to a private code repository that contained Clearview AI production credentials, keys to cloud storage buckets containing 70K video samples, and copies of its applications and Slack tokens.
With access to training data, a bad actor has the ability to cause an arbitrary misclassification in the deployed model.
These kinds of attacks illustrate that any attempt to secure an ML system should build on "traditional" good cybersecurity hygiene, such as locking down the system with least privilege, multi-factor authentication, and monitoring and auditing.
Risk domain
Security
SEP view
S0200: Supply Chain Compromise
Lifecycle
L02: Data Understanding, L03: Data Preparation, L04: Model Development, L05: Evaluation, L06: Deployment
Organisations
Clearview AI facial recognition tool (deployer)
Affected artifacts
1 artifact
| Artifact | Type |
|---|---|
| Clearview AI facial recognition tool | System |
References
4 references
| URL | Label |
|---|---|
| https://atlas.mitre.org/studies/AML.CS0006 | ClearviewAI Misconfiguration |
| https://techcrunch.com/2020/04/16/clearview-sourc… | TechCrunch Article, "Security lapse exposed Clearview AI source code" |
| https://gizmodo.com/we-found-clearview-ais-shady-… | Gizmodo Article, "We Found Clearview AI's Shady Face Recognition App" |
| https://www.nytimes.com/2020/01/18/technology/cle… | New York Times Article, "The Secretive Company That Might End Privacy as We Know It" |