AVID-2023-V007

Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 ATLAS Case Study
Summary
Clearview AI makes a facial recognition tool that searches publicly available photos for matches. This tool has been used for investigative purposes by law enforcement agencies and other parties. Clearview AI's source code repository, though password protected, was misconfigured to allow an arbitrary user to register an account. This allowed an external researcher to gain access to a private code repository that contained Clearview AI production credentials, keys to cloud storage buckets containing 70K video samples, and copies of its applications and Slack tokens. With access to training data, a bad-actor has the ability to cause an arbitrary misclassification in the deployed model. These kinds of attacks illustrate that any attempt to secure ML system should be on top of "traditional" good cybersecurity hygiene such as locking down the system with least privileges, multi-factor authentication and monitoring and auditing.
Risk domain
Security
SEP view
S0200: Supply Chain Compromise
Lifecycle
L02: Data Understanding, L03: Data Preparation, L04: Model Development, L05: Evaluation, L06: Deployment
Organisations
Affected artifacts
References
URL Label
https://atlas.mitre.org/studies/AML.CS0006 ClearviewAI Misconfiguration
https://techcrunch.com/2020/04/16/clearview-sourc… TechCrunch Article, "Security lapse exposed Clearview AI source code"
https://gizmodo.com/we-found-clearview-ais-shady-… Gizmodo Article, "We Found Clearview AI's Shady Face Recognition App"
https://www.nytimes.com/2020/01/18/technology/cle… New York Times Article, "The Secretive Company That Might End Privacy as We Know It"

{
  "affects": {
    "artifacts": [
      {
        "name": "Clearview AI facial recognition tool",
        "type": "System"
      }
    ],
    "deployer": [
      "Clearview AI facial recognition tool"
    ],
    "developer": []
  },
  "credit": null,
  "data_type": "AVID",
  "data_version": "0.2",
  "description": {
    "lang": "eng",
    "value": "Clearview AI makes a facial recognition tool that searches publicly available photos for matches.  This tool has been used for investigative purposes by law enforcement agencies and other parties.\n\nClearview AI\u0027s source code repository, though password protected, was misconfigured to allow an arbitrary user to register an account.\nThis allowed an external researcher to gain access to a private code repository that contained Clearview AI production credentials, keys to cloud storage buckets containing 70K video samples, and copies of its applications and Slack tokens.\nWith access to training data, a bad-actor has the ability to cause an arbitrary misclassification in the deployed model.\nThese kinds of attacks illustrate that any attempt to secure ML system should be on top of \"traditional\" good cybersecurity hygiene such as locking down the system with least privileges, multi-factor authentication and monitoring and auditing."
  },
  "impact": {
    "avid": {
      "lifecycle_view": [
        "L02: Data Understanding",
        "L03: Data Preparation",
        "L04: Model Development",
        "L05: Evaluation",
        "L06: Deployment"
      ],
      "risk_domain": [
        "Security"
      ],
      "sep_view": [
        "S0200: Supply Chain Compromise"
      ],
      "taxonomy_version": "0.2"
    }
  },
  "last_modified_date": "2023-03-31",
  "metadata": {
    "vuln_id": "AVID-2023-V007"
  },
  "problemtype": {
    "classof": "ATLAS Case Study",
    "description": {
      "lang": "eng",
      "value": "ClearviewAI Misconfiguration"
    },
    "type": "Advisory"
  },
  "published_date": "2023-03-31",
  "references": [
    {
      "label": "ClearviewAI Misconfiguration",
      "type": "source",
      "url": "https://atlas.mitre.org/studies/AML.CS0006"
    },
    {
      "label": "TechCrunch Article, \"Security lapse exposed Clearview AI source code\"",
      "type": "source",
      "url": "https://techcrunch.com/2020/04/16/clearview-source-code-lapse/"
    },
    {
      "label": "Gizmodo Article, \"We Found Clearview AI\u0027s Shady Face Recognition App\"",
      "type": "source",
      "url": "https://gizmodo.com/we-found-clearview-ais-shady-face-recognition-app-1841961772"
    },
    {
      "label": "New York Times Article, \"The Secretive Company That Might End Privacy as We Know It\"",
      "type": "source",
      "url": "https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html"
    }
  ],
  "reports": null
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…