Root NationNewsIT NewsGoogle Will Make You Wave at the Camera: New Bot Protection Has Been Hacked with a Simple Photo

Google Will Make You Wave at the Camera: New Bot Protection Has Been Hacked with a Simple Photo

webcam CAPTCHA

© ROOT-NATION.com - Use of content is permitted with a backlink.

Proton VPN

A new technological development from Google, officially named “hand gesture verification” (HGV), is designed to modernize the security algorithms of the reCAPTCHA system using biometric facial recognition tools.

However, the initial testing phases have demonstrated its complete failure. Critics also highlight significant threats to user privacy arising from the need to grant large tech corporations access to users’ biometric data.

Read also: AERONAUT – everything that flies above the ground: aviation, UAVs and drones, rockets, and space

According to Google’s explanation, the HGV system relies on a mandatory connection to the device’s webcam, which is supposed to capture one or more short video clips of the user’s palm. To pass the verification successfully, a person must wave their hand or perform other specific gestures in front of the camera. This footage is then analyzed by algorithms to identify key biometric markers, which are intended to verify the user’s authenticity and filter out automated systems.

webcam CAPTCHA

Despite the developers’ hopes that biometrics would enhance security, real-world tests proved HGV to be ineffective. Researchers found that this security measure can be easily bypassed using ordinary stock photos and the virtual camera tool in OBS Studio. Attackers simply need to replicate the required gesture using a static image, and the OBS software allows them to completely bypass the need for a physical optical sensor on the computer. Modern machine learning methods make it easy to automate this workaround by combining the Python programming language with pre-made images of hands.

Beyond the obvious technical flaws, the HGV initiative raises serious concerns among privacy advocates. They point out that such innovations are gradually turning constant background surveillance by tech giants into a social norm, forcing people to grant access to their cameras just to browse the web.

In response to the allegations, Google asserts that the recorded video footage is used exclusively for palm motion recognition and is immediately deleted upon the completion of the session. It also claims that the recordings are not linked to any specific individual’s personal data, and that no audio is recorded at all. However, a recent incident involving the recovery of supposedly deleted video files on the Nest service proves that the company’s cloud infrastructure is capable of storing large amounts of data even when customers lose access to it. Despite any provisions in user agreements, the Mountain View-based corporation will likely attempt to gather as much data as possible to train its own Gemini model, disregarding potential privacy risks.

Read also:

Sourcetechspot
Subscribe
Notify of
guest

0 Comments
Newest
OldestMost Voted