By Deeba Ahmed
Samsung Message Guard is a new feature that protects users against zero-click attacks, including those appearing from messaging apps.
This is a post from HackRead.com Read the original post: New Samsung Message Guard protects users against Zero-Click attacks

Samsung Message Guard will inspect the file bit by bit and process it in a controlled environment, thus neutralizing the threat to ensure the malicious file doesn’t infect the device.

Zero-Click attacks have become very powerful and widespread, mainly due to their ease of deployment. With the evolution of zero-click attacks, mobile phone manufacturers, such as Samsung, are also improving their defence mechanisms against such threats. Samsung Message Guard is one such step that prevents users from zero-click exploits on Samsung Galaxy S23 smartphones.

**What are Zero-Click Attacks?**

Zero-click exploits can install malware on a device using just a JPEG or PNG image file. They are pretty dangerous, as the user doesn’t need to interact with the file, such as clicking or tapping on it, to get their device infected. Users cannot detect these exploits while the malicious code steals their private data and transmits it to hackers.

As previously reported, state-sponsored cybercriminals used zero-click attacks to install NSO Group’s spyware Pegasus onto the mobile phones of dissidents, government officials, activists, politicians, and journalists.

**Samsung Message Guard Will Protect Against Zero-Click Attacks**

Samsung Galaxy smartphones are already equipped with advanced safety measures and a powerful Samsung Knox platform that thwart attacks exploiting audio and video formats. With Samsung Message Guard, the company has taken another step to safeguard its devices and restrict their exposure to malicious codes hidden in image attachments.

According to Samsung’s press release, this feature will work on Samsung Messages and Messages by Google. The company will also release an update to make this feature compatible with third-party messaging apps.

> Simply put, Samsung Message Guard automatically neutralizes any potential threat hiding in image files before they have a chance to do you any harm. It also runs silently and largely invisibly in the background and does not need to be activated by the user.
> 
> Samsung

**How Does Message Guard Prevent Zero-Click Attacks?**

You can consider it an advanced sandbox or a virtual quarantine; it will run in the background with the Messages app. As soon as any image file is received, it will be isolated from the rest of the data to prevent any hidden malicious code from accessing the device data or interacting with the OS.

Samsung Message Guard will inspect the file bit by bit and process it in a controlled environment, thus neutralizing the threat to ensure the malicious file doesn’t infect the device.

Message Guard will look for malware in PNG, JPG, JPEG, GIF, ICO, WEBP, BMP, and WBMP formats. The feature will be rolled out to different versions of Galaxy smartphones and tablets running One UI 5.1 or above versions.

New Samsung Message Guard protects users against Zero-Click attacks

Samsung has announced a new feature called Message Guard that comes with safeguards to protect users from malware and spyware via what's referred to as zero-click attacks.
The South Korean chaebol said the solution "preemptively" secures users' devices by "limiting exposure to invisible threats disguised as image attachments."
The security feature, available on Samsung Messages and Google

Mobile Security / Zero Day

Samsung has announced a new feature called **Message Guard** that comes with safeguards to protect users from malware and spyware via what's referred to as zero-click attacks.

The South Korean chaebol said the solution "preemptively" secures users' devices by "limiting exposure to invisible threats disguised as image attachments."

The security feature, available on Samsung Messages and Google Messages, is currently limited to the Samsung Galaxy S23 series, with plans to expand it to other Galaxy smartphones and tablets later this year that are running on One UI 5.1 or higher.

Zero-click attacks are highly-targeted and sophisticated attacks that exploit previously unknown flaws (i.e., zero-days) in software to trigger execution of malicious code without requiring any user interaction.

Unlike traditional methods of remotely exploiting a device wherein threat actors rely on phishing tactics to trick a user into clicking on a malicious link or opening an rogue file, such attacks circumvent the need for social engineering entirely and provide an adversary with an entry point.

A majority of the zero-click exploits are engineered to take advantage of vulnerabilities in applications such as messaging, SMS, or email apps that receive and process untrusted data.

As a result, if there exists a security vulnerability in the manner an app interprets the incoming data, a threat actor could weaponize this shortcoming to craft a malicious image that, when sent to a target's device, automatically executes the code embedded within it.

The lack of interaction involved in zero-click attacks means there are fewer traces of any nefarious activity, making them highly-prized tools to deliver spyware capable of monitoring individuals and harvesting a wealth of sensitive information.

Samsung's Message Guard works against a number of image formats, including PNG, JPG/JPEG, GIF, ICO, WEBP, BMP, and WBMP, and essentially acts as a sandbox that's designed to quarantine images received via the app from the rest of the operating system.

"Message Guard checks the file bit by bit and processes it in a controlled environment to ensure it cannot infect the rest of your device," the company said.

The feature is also analogous to a feature in Apple's iMessage called BlastDoor that the tech giant incorporated in iOS 14 as a means to counter zero-click attacks via its messaging app.

Apple, last year, also introduced an "extreme, optional protection" setting dubbed Lockdown Mode that hardens iPhones and iPads against "extremely rare and highly sophisticated cyber attacks."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Samsung Introduces New Feature to Protect Users from Zero-Click Malware Attacks

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.
The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.
Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

Patch Tuesday / Software Updates

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.

The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.

Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are classified as remote code execution (RCE) flaws. The three zero-days of note that have been exploited are as follows -

*   **CVE-2023-21715** (CVSS score: 7.3) - Microsoft Office Security Feature Bypass Vulnerability
*   **CVE-2023-21823** (CVSS score: 7.8) - Windows Graphics Component Elevation of Privilege Vulnerability
*   **CVE-2023-23376** (CVSS score: 7.8) - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability

"The attack itself is carried out locally by a user with authentication to the targeted system," Microsoft said in advisory for CVE-2023-21715.

"An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer."

Successful exploitation of the above flaws could enable an adversary to bypass Office macro policies used to block untrusted or malicious files or gain SYSTEM privileges.

CVE-2023-23376 is also the third actively exploited zero-day flaw in the CLFS component after CVE-2022-24521 and CVE-2022-37969 (CVSS scores: 7.8), which were addressed by Microsoft in April and September 2022.

"The Windows Common Log File System Driver is a component of the Windows operating system that manages and maintains a high-performance, transaction-based log file system," Immersive Labs' Nikolas Cemerikic said.

"It is an essential component of the Windows operating system, and any vulnerabilities in this driver could have significant implications for the security and reliability of the system."

It's worth noting that Microsoft OneNote for Android is vulnerable to CVE-2023-21823, and with the note-taking service increasingly emerging as a conduit for delivering malware, it's crucial that users apply the fixes.

Also addressed by Microsoft are multiple RCE defects in Exchange Server, ODBC Driver, PostScript Printer Driver, and SQL Server as well as denial-of-service (DoS) issues impacting Windows iSCSI Service and Windows Secure Channel.

Three of the Exchange Server flaws are classified by the company as "Exploitation More Likely," although successful exploitation requires the attacker to be already authenticated.

Exchange servers have proven to be high-value targets in recent years as they can enable unauthorized access to sensitive information, or facilitate Business Email Compromise (BEC) attacks.

**Software Patches from Other Vendors**

Besides Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   AMD
*   Android
*   Apple
*   Atlassian
*   Cisco
*   Citrix
*   CODESYS
*   Dell
*   Drupal
*   F5
*   GitLab
*   Google Chrome
*   HP
*   IBM
*   Intel
*   Juniper Networks
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NETGEAR
*   NVIDIA
*   Palo Alto Networks
*   Qualcomm
*   Samba
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   Sophos
*   Synology
*   Trend Micro
*   VMware
*   Zoho, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503

_Published February 6, 2023_

The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2023-02-05 or later from the February 2023 Android Security Bulletin in addition to all issues in this bulletin.

We encourage all customers to accept these updates to their devices.

The issue in this bulletin is a high security vulnerability in the Platform Service component that could lead to local escalation of privilege with no additional execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

**Announcements**

*   In addition to the security vulnerabilities described in the February 2023 Android Security Bulletin, the February 2023 Android Automotive OS Update Bulletin also contains patches specifically for AAOS vulnerabilities as described below.

**2023-02-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-02-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**Platform Service**

The vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-20927

A-244216503

EoP

High

13

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, read the instructions on the Google device update schedule.

*   Security patch levels of 2023-02-01 or later address all issues associated with the 2023-02-01 security patch level.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2023-02-01\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-02-01 security patch level. Please see this article for more details on how to install security updates.

**2\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**3\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**4\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**5\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

February 6, 2023

Bulletin Published

CVE-2023-20927: Android Automotive OS Update Bulletin—February 2023

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer  
Samsung Electronics (UK) Limited  
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

**Cookies**

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

**Essential Cookies**: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie

Domain

Purpose

JSESSIONID

security.samsungmobile.com

to keep login session

lastActivityTime

security.samsungmobile.com

to save the user's last activity time to automatically logout after 30 minutes of inactivity

**Managing Cookies and Other Technologies**

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

CVE-2023-21434: Samsung Mobile Security

Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner&#39;s widget without authorization via gesture setting.

CVE-2023-21450: Samsung Mobile Security

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.

CVE-2023-21440: Samsung Mobile Security

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions.

CVE-2023-21451: Samsung Mobile Security

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.

CVE-2023-21419: Samsung Mobile Security

Moscow promised residents lower crime rates through an expansive smart city project. Then Vladimir Putin invaded Ukraine.

Sergey Vyborov was on his way to the Moscow Metro’s Aeroport station last September when police officers stopped him. The 49-year-old knew that taking the metro could spell trouble. During a protest against Russia’s invasion of Ukraine, police had fingerprinted and photographed him. He’d already been detained four times in 2022. But he was rushing to his daughter’s birthday, so he took a chance.

Vyborov wasn’t arrested that day, but the police informed him that he was under surveillance through Sfera, one of Moscow’s face recognition systems, for participating in unsanctioned rallies. Considered one of the most efficient surveillance systems, Sfera led to the detention of 141 people last year. “Facial recognition, and video cameras in general in a totalitarian state, are an absolute evil,” Vyborov says. 

Vyborov finds himself at the bottom of a slippery slope that privacy advocates have long warned about. Under the guise of smart city technology, authoritarian and democratic governments have rolled out huge networks of security cameras and used artificial intelligence to try to ensure there is no place to hide. Cities have touted the ability of such systems to tackle crime, manage crowds, and better respond to emergencies. Privacy campaigners say such systems could be used as tools of oppression. In Moscow, Vyborov and countless others now face that oppression on a daily basis.

The Russian capital is now the seventh\-most-surveilled city in the world. Across Russia, there are an estimated 21 million surveillance cameras, and the country ranks among the top in the world in terms of the number of connected surveillance cameras. The system created by Moscow’s government, dubbed Safe City, was touted by city officials as a way to streamline its public safety systems. In recent years, however, its 217,000 surveillance cameras, designed to catch criminals and terrorists, have been turned against protestors, political rivals, and journalists. 

“Facial recognition was supposed to be the ‘cherry on top,’ the reason why all of this was built,” says a former employee of NTechLab, one of the principal companies building Safe City’s face recognition system.

Following Russia’s invasion of Ukraine, Safe City’s data collection practices have become increasingly opaque. The project is now seen as a tool of rising digital repression as Russia wages war against Ukraine and dissenting voices within its own borders. It is an example of the danger smart city technologies pose. And for the engineers and programmers who built such systems, its transformation into a tool of oppression has led to a moment of reckoning. 

An Innocent Start

Founded in 2015, NTechLab caught the attention of the global press with the February 2016 launch of FindFace, an app that allowed anyone to identify faces by matching them with images gathered from social network VKontakte, Russia’s Facebook equivalent. Met with warnings of the “end to public anonymity,” the app was reportedly downloaded by 500,000 people within two months of its launch. But for NTechLab, it was primarily a proof of concept for its nascent face recognition algorithm.

NTechLab still felt like a startup when one former employee, who asked not to be named for privacy reasons, joined the company. And he was drawn in by the complexity of the work.

“From \[an\] engineering point of view, it’s very interesting to work with: It’s very difficult,” he says. 

After the release of FindFace, NTechLab began selling its face recognition tech to small businesses, such as shopping malls that could use it to catch shoplifters or see how many people return to certain stores. But NTechLab was also working with the Moscow Department of IT Technology (DIT), the government department tasked with building Moscow’s digital infrastructure. In 2018, when Russia hosted the FIFA World Cup, NTechLab’s face recognition tech was connected to more than 450 security cameras around Moscow, and its tech reportedly helped police detain 180 people whom the state deemed “wanted criminals.”

At its inception, Moscow’s face recognition system was fed official watchlists, like the database of wanted people. The system uses these lists to notify the police once a person on the list is detected, but law enforcement can also upload an image and search for where a person has appeared. Over the years, security and law enforcement agencies have compiled a database of the leaders of the political opposition and prominent activists, according to Sarkis Darbinyan, cofounder of digital rights group Roskomsvoboda, which has been campaigning for a suspension of the technology. It remains unclear who is in charge of adding activists and protesters to watchlists.

In March 2019, following the success of the World Cup trial—some of Russia’s “most wanted” people were arrested while trying to attend matches—the Moscow Department of Transportation, which operates the city’s metro, launched its own surveillance system, Sfera. By October 2019, 3,000 of the city’s 160,000 cameras were enabled with face recognition tech, according to interior minister Vladimir Kolokoltsev.

NTechLab was one of many companies building the slew of systems that would later be branded Safe City. International companies, from US tech firms such as Nvidia, Intel, and Broadcom to South Korea’s Samsung and Chinese camera maker Hikvision, worked alongside local firms such as HeadPoint, Netris, and Rostelecom that have developed various components of the surveillance systems. According to procurement documents cited by the UK’s BBC, three companies besides NTechLab created face recognition tech for Moscow’s growing surveillance apparatus, including Tevian, and Kipod, and VisionLabs. Moscow's Transportation Department said in social media posts that Sfera was built using VisionLabs technology, although the company downplays its involvement.

NtechLab says it operates in compliance with local laws and does not have access to customer data or camera video streams. Nvidia and Intel say they left Russia in 2022, with Nvidia adding that it does not create software or algorithms for surveillance. Broadcom and Samsung also say they stopped doing business in Russia following the invasion. VisionLabs says it only provides the Moscow Metro with its face recognition payment system. Other companies did not respond to requests for comment. The DIT and the Moscow Department of Transportation did not respond to requests for comment.

At the end of 2018, as Russia cracked down harder on political dissent online and in the streets, the DIT started to change, says a former employee who asked to remain anonymous for safety reasons. The department used to just be the “technical guys” providing assistance to security services, with the Moscow government recruiting highly paid IT specialists to make the most efficient systems possible, according to Andrey Soldatov, an investigative journalist and Russian security services expert. But according to the former employee, the DIT was beginning to reflect the Kremlin’s authoritarian bent.

Then came Covid. 

Safe City launched in 2020, at the height of the Covid-19 pandemic. Russia, like some other countries, seemingly used the pandemic as grounds to expand its surveillance systems to catch people breaking self-isolation rules. By mid-March 2020, Safe City’s face recognition system had caught 200 people breaking lockdown restrictions. At the same time, Moscow introduced a regulatory sandbox for the development of AI applications with the participation of large IT companies, exempting authorities from the country’s already lax data protection requirements. “With Covid, \[the DIT\] essentially became a part of the repressive apparatus,” says Soldatov.

In addition to its network of more than 200,000 cameras, Safe City also incorporates data from 169 information systems, managing data on citizens, public services, transportation, and nearly everything else that makes up Moscow’s infrastructure. This includes anonymized cell phone geolocation data collection, vehicle license plate recognition, data from ride-hailing services, and voice recognition devices. As Safe City was still rolling out in 2020, the Russian government announced plans to spend $1.3 billion deploying similar Safe City systems across Russia. From the outside, the potential for the system to be abused seemed obvious. But for those involved in its development, it looked like many other smart city projects. “No one expected that the country would turn into hell in two years,” says one former NTechLab employee, who asked to remain anonymous for safety reasons.

The Black Box Problem

Attempts to break open Moscow’s digital black box have been stonewalled. Alena Popova, whose image was captured during a protest against politician Leonid Eduardovich Slutsky in April 2018, filed the first lawsuit against Moscow’s DIT for allegedly violating her privacy, seeking a ban on face recognition tech. The case was thrown out, but Popova has continued to file lawsuits, including one at the European Court of Human Rights—which Russia is no longer a part of. 

While Moscow operates one of the world’s most pervasive surveillance systems, Russian law does not safeguard individual privacy. With seemingly no hope of recourse, some activists have been forced to leave Russia altogether. Popova is now on the list of foreign agents and is living in an undisclosed overseas location. “I will not apply to any political asylum in any country because I would like to go back to my own country and fight back,” she says.

A key concern is that Moscow’s surveillance system was designed to conceal its data collection from Moscow’s 12 million residents, says Sergey Ross, founder of the Collective Action Center think tank and a former Moscow politician. Although the system is run by the Moscow government, elected members of the Moscow City Duma say they are excluded from regulating face recognition systems and have little insight into how it is being used. “It’s a complete black box,” says Ross.

“It was clear that sooner or later the technology would be used to catch activists and dissenters,” says Roskomsvoboda’s Darbinyan. 

Russia made almost 20,500 political arrests in 2022, according to data from human rights media organization OVD-Info, which characterizes the number as “unprecedented.” The arrests have sparked fears that Safe City will be expanded to catch draft dodgers—although former NTechLab employees say that doing so would be technically difficult to pull it off because of too many false positives. Still, Moscow police appear to be using face recognition to aid Russia’s war efforts in other ways.

In September 2022, just after Putin announced additional mobilization for the war against Ukraine, Viktor Kapitonov, a 27-year-old activist who’d protested regularly since 2013, was stopped by two police officers after being flagged by face recognition surveillance while he approached the turnstiles in Moscow’s marble-covered Avtozavdodskaya metro station. The officers took him to the military recruitment office, where around 15 people were waiting to enlist in Putin’s newly announced draft. 

“They let me in without waiting in line as if I were some sort of VIP person,” he says. The recruiters wanted to force Kapitonov to enlist, but he ended up escaping the draft. “I explained that I am not fit, I have a disability.”

A Guilty Conscience

From 2017 to 2020, NTechLab became one of Russia’s fastest-growing companies. Other face recognition firms have cashed in as well: The revenue of Russian face recognition developers grew between 30 and 35 percent in 2022, thanks in part to deals struck in the Middle East, Southeast Asia, India, and South America. Russia’s national AI strategy has supported such firms with grants, tax exemptions, and subsidies, which have benefited both startups and state corporations, including tech and finance giant Sber, telecom provider Rostelecom, and defense firm Rostec, which previously owned a minority stake in NTechLab. While NTechLab continues to work globally, reporting a revenue increase of 35 percent in 2022, it has also faced a backlash against its work with the Russian state.

In June of last year, a “name-and-shame” list of NTechLab employees was published \[in Russian\] with information collected from social media. The project went viral, and some employees reported being harassed online. Artem Zinnatullin, a software engineer now based in the US, says he published the list after NTechLab sold its new silhouette recognition technology to the Moscow government in June 2022. To him, it signaled support for Russia’s war in Ukraine. In the post, he called NTechLab “the blacksmith of the Digital Gulag.” Zinnatullin, who says he knew people arrested with the help of face recognition technology, believes publishing the list of NTechLab employees was only fair. “You recognize people on the street, it’s only fair if we use public data to recognize who you are,” he says.

Unlike many face recognition companies that keep a low profile, NTechLab’s splash with FindFace has turned it into a recognized brand. Employees say this high profile has made them into scapegoats. 

As arrests of activists and politicians mounted, the ethics of NTechLab’s technology became a recurring topic at company meetings. NTechLab staff have resisted the use of the company’s face recognition in rallies and refused to sell the technology to the military, according to people familiar with these discussions. Still, the NTechLab leadership concluded that the technology was ultimately positive—even if the occasional dissenting voice was arrested because of it. 

“We all saw these positive examples, we saw how it really catches criminals,” says one former NTechLab employee. “Most people in NTechLab would say they were doing something very good, technologies that can help and save people’s lives. It really did.”

As Russia furthered its march toward authoritarianism in 2021, NTechLab leadership began talking about moving the company abroad, according to people familiar with internal company discussions. But with lucrative government contracts abounding—NTechLab received a $13 million investment from the Russian Direct Investment Fund, the country’s sovereign wealth fund, in September 2020—its investors resisted the idea. The company was also changing. Its founders, Alexander Kabakov and Artem Kukharenko, stepped down from NTechLab—and both left Russia in December 2021 and February 2022, respectively, declaring their anti-war stance on social media. 

Other employees left amid an exodus of IT talent from Russia. The war changed how they viewed their work. “Looking back, we realize that we shouldn’t have done it,” says an NTechLab employee. “But even in 2017 and 2018, it was a completely different country. At least, that’s how it seemed to those who weren’t very immersed in politics.”

A Growing Threat

Russia’s Safe City projects show no sign of slowing. As more surveillance systems are deployed across the country, Moscow’s DIT is planning to centralize video streams collected across all regions into its own system. And new projects to digitize public services may make it even easier for the government to eventually create large databases where everyone can be found, according to Popova. “It is really scary,” she says. “If they digitalize all the databases and combine them to make this joint database, they can find everybody.” In July, Putin signed a federal law that funnels personal biometric data collected in the country into a single system—an effort to obtain an “almost unlimited monopoly” on the collection and storage of biometrics, says Roskomsvoboda’s Darbinyan. 

In a further expansion of the Safe City project, Rostec is also reportedly developing software that will help authorities predict riots and prevent their escalation by analyzing media reports, data from social networks, video cameras, and other sources. Rostec did not respond to a request for comment on its development of these systems.

Similar systems have been developed in some Chinese cities, and Russia is now playing catch-up. “The Russian government would probably like to move toward China, but they do not yet have the necessary technology,” says Kiril Koroteev, head of international practice at the Russia-based Agora International Human Rights Group.

For now, many activists in Russia are left to do whatever they can to skirt the country’s growing surveillance apparatus, including avoiding the Moscow Metro. Kapitonov hopes that a balaclava will keep him safe, while Vyborov aims to ride the metro early in the morning, when there are fewer police around to detain him. 

“I think that it was inevitable that such a system would be made sooner or later,” says one former NTechLab employee. Face recognition is like a knife, he says: It can be used to cut food, but it can also be used to cut innocent people. He now regrets that NTechLab played a key role in building Moscow’s Safe City project. He has left Russia and doesn’t think he will work on face recognition again. “I do not want to mess with it anymore,” he says.

_Update 9:25 am ET, February 6, 2023: Clarified the role of VisionLabs in the Sfera system and that NTechLab's founders have since left the company._

Tag

#samsung