I have, over the years, reported on many everyday devices that have been hacked in terrifyingly wonderful ways: light bulbs, vacuum cleaners, and most recently bicycles. ow, the most privacy-invasive of such hacks has come to my attention thanks to an alarming story first published at The Register: real x-ray specs that can dox anyone on sight. Here’s what you need to know.
Introducing I-XRAY: The AI Glasses That Can Dox People On Sight
AnhPhu Nguyen and Caine Ardayfio, a human augmentation and physics researcher at Harvard, respectively, have published a paper that details how the project to build real x-ray specs has led them to construct a device that can grab someone’s name, home address, phone number and even details of relatives, just by looking at them.
Motivated by a desire to demonstrate the privacy dangers that so-called smart technology, including large language model AI, can bring with it, the duo are quick to point out the research is not meant to be abused and, as such, they won’t be releasing the exact technical details required to make the doxxing glasses.
“Our goal is to demonstrate the current capabilities of smart glasses, face search engines, LLMs, and public databases,” they said, “raising awareness that extracting someone’s home address and other personal details from just their face on the street is possible today.”
As far as the mechanics of the x-ray specs project goes, what the pair of hackers have confirmed is that all five technologies used are new but readily available.
- Off-the-shelf smart glasses equipped with a camera, in the case of I-XRAY a pair of Meta Ray Bans 2 were used. The researchers chose these are they were the most normal looking pair of smart specs they could find.
- Facial recognition might not be new, but the ability to achieve reverse facial recognition is, relatively speaking. An image iOS processed by facial recognition models that are much the same as those used in publicly available face search engines such as PimEyes and FaceCheck.id, the researchers said.
- Large language model data extraction is a much newer technology that allows the scraping of URLs to infer details such as name and address from otherwise unorganized data.
- Next is a home address lookup engine, such as FastPeopleSearch, that allows users to find personal information from publicly available records with just a name to work from.
- And finally, the hackers said, a social security number lookup service such as Cloaked which can return partial social security numbers from telephone numbers.
The Real X-Rays Specs Unique Selling Point (If They Were To Be Sold, Which They Won’t Be)
Although the researchers have made it abundantly clear that this project is not a commercial one, out of concern over the obvious privacy issues it presents, if it were to appear one day, it has a unique selling point: automation.
Large language models have evolved a great deal in a short space of time and are now fully capable of understanding, processing and compiling “vast amounts of information from diverse sources–inferring relationships between online sources,” the researchers said. The synergy between LLMs and reverse face search allows for “fully automatic and comprehensive data extraction that was previously not possible with traditional methods alone,” they warned, concluding, “from the LLM extracted name, a FastPeopleSearch lookup can identify the person’s home address, phone number, and their relatives.”