APromptRiskDBThreat intelligence atlas
AI Case Study

ClearviewAI Misconfiguration - AI Case Study

Clearview AI makes a facial recognition tool that searches publicly available photos for matches. This tool has been used for investigative purposes by law enforcement agencies and other parties. Clearview AI's source code repository, though password protected, was misconfigured to allow an arbitrary user to register an account. This allowed an external researcher to gain access to a private code repository that c...

View attack chainRead summary
IncidentClearview AI facial recognition toolResearchers at spiderSilkResource DevelopmentCollectionImpact

Overview

Case steps4Steps described in the case record.
Techniques4Attack methods mentioned in the case steps.
Linked CVEs0Known vulnerabilities mentioned in the record.

Risk patterns

Patterns found in the case record and its linked vulnerabilities.

  • 1Dominant ATLAS tactic. Resource Development appears in 2 case steps.
  • 2Multiple attack methods. The case connects to 4 unique AI attack methods.

Procedure timeline

Search the case steps or filter them by attacker goal.

Resource Development2Collection1Impact1
  1. Resource Development

    A security researcher gained initial access to Clearview AI's private code repository via a misconfigured server setting that allowed an arbitrary user to register a valid account.

  2. Collection

    The private code repository contained credentials which were used to access AWS S3 cloud storage buckets, leading to the discovery of assets for the facial recognition tool, including: - Released desktop and mobile applications - Pre-release applications featuring new capabilities - Slack access tokens - Raw videos and other data

  4. Impact

    As a result, future application releases could have been compromised, causing degraded or malicious facial recognition capabilities.

Related CVEs

Known software flaws mentioned in the case record.

No related CVEs found for this case. Built from MITRE ATLAS case study records and listed case steps.

Mitigations

Defenses connected to the attack methods in this case.

Adversarial Input Detection

Detect and block adversarial inputs or atypical queries that deviate from known benign behavior, exhibit behavior patterns observed in previous attacks or that come from potentially malicious IPs. Incorporate adversarial detection algorithms into the AI system prior to the AI model.

Input Restoration

Preprocess all inference data to nullify or reverse potential adversarial perturbations.

Limit Public Release of Information

Limit the public release of technical information about the AI stack used in an organization's products or services. Technical knowledge of how AI is used can be leveraged by adversaries to perform targeting and tailor attacks to the target system. Additionally, consider limiting the release of organizational information - including physical locations, researcher names, and department structures - from which technical details such as AI techniques, model architectures, or datasets may be inferred.

Model Hardening

Use techniques to make AI models robust to adversarial inputs such as adversarial training or network distillation.

Use Ensemble Methods

Use an ensemble of models for inference to increase robustness to adversarial inputs. Some attacks may effectively evade one model or model family but be ineffective against others.

Sources

Original public records and references for this case.

Original source

Original source links

Open the MITRE ATLAS data and public references used for this case study.

Repositoryhttps://github.com/mitre-atlas/atlas-dataATLAS.yamlhttps://github.com/mitre-atlas/atlas-data/blob/main/dist/ATLAS.yamlSchemahttps://github.com/mitre-atlas/atlas-data/blob/main/dist/schemas/atlas_output_schema.jsonTechCrunch Article, "Security lapse exposed Clearview AI source code"https://techcrunch.com/2020/04/16/clearview-source-code-lapse/Gizmodo Article, "We Found Clearview AI's Shady Face Recognition App"https://gizmodo.com/we-found-clearview-ais-shady-face-recognition-app-1841961772New York Times Article, "The Secretive Company That Might End Privacy as We Know It"https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html