Blocking people from taking pictures of me with smartphone

Question

This question might be better suited for Skeptics, but I guess that those who can really answer this might hang around here.

In the second episode of the fourth season of the french spy series The Bureau (see around 0:36 in this clip), one hacker (A) demonstrated how when someone else (B) is taking a picture of him with a smartphone, the picture is not captured and instead a message "Do not do that motherf...!" is shown.

A claims that it works thanks to an app that he has on his own smartphone, interacting with B's smartphone to prevent it from taking pictures.

My question is if this really is doable. Of course if A previously hacked B's phone then there is nothing particularly special about it, but could this be achieved so that no random person showing app can take a picture of A with their smartphone?

It probably would've been off-topic at Skeptics as it's not held to be a true claim in the original. — WBT, Aug 09 '19 at 19:26
I also heard you can cover your face with lemon juice to prevent security cameras from getting a picture of you. This guy tried it, and got caught. https://qz.com/986221/what-know-it-alls-dont-know-or-the-illusion-of-competence/ You might now want to believe everything you see on TV/Internet. — Steve Sether, Aug 09 '19 at 20:54
Reminds me of this... https://www.youtube.com/watch?v=5rdXvtdSIF8 — barbecue, Aug 09 '19 at 21:10
hacking all smartphones in the world to stop people taking photos? still easier than blocking people having eidetic memory from drawing portraits :-) — szulat, Aug 10 '19 at 13:38
Hang on, your smartphone uses 256-bit encryption. This is going to take a few seconds to hack. There, I'm in. — Damon, Aug 10 '19 at 19:06
@szulat Not really. It would cheaper to slip something in someone's drink to make them forget or question the experience than to develop a universal phone virus. — jpaugh, Aug 11 '19 at 08:14
@jpaugh the real problem is detection, you have no way of knowing that someone is going to take a "photo" of you just by looking at you. — szulat, Aug 11 '19 at 09:40
I've heard speculation that the EURion pattern and other anti-forgery features could be used for this purpose. If you print the right patterns on your shirt then image processing software and printers will refuse to produce pictures of you. — Oscar Cunningham, Aug 11 '19 at 10:01
You could prevent people from taking a picture of you by jamming the part of the electromagnetic spectrum which maximizes their phone lens+CCD sensitivity and minimizes human eye sensitivity. Or, if you don't mind completely disabling all electronics around you, an EMP. — Michael, Aug 11 '19 at 22:09
@SteveSether, Lemon-juice-guy actually thought that idea up entirely on his own. Fact: You can use lemon juice as an "invisible" ink. The stain left by lemon juice on paper will be hard or impossible to notice until you heat the paper to a certain temperature, and then the stain will darken. Lemon juice guy told the cops that he'd heard about the invisible-ink thing, and assumed therefore, that anything covered with lemon juice would be invisible to a surveillance camera. — Solomon Slow, Aug 12 '19 at 14:35
@szulat Hadn't thought about that aspect; but maintaining body guardswould be comparable in expense to maintaining a hack against all phones that come to market. It might even be much cheaper. Or, just wear a comfortable mask. Non-technical problems are often easier to solve without technology :-) — jpaugh, Aug 12 '19 at 14:40
@OscarCunningham My android 8 phone can take a picture of EURion without issues... so maybe other security features could work. — beppe9000, Sep 21 '19 at 17:42

score 100 · Accepted Answer · 2019-08-09T09:23:58.540

100

tl;dr

No, this completely falls within the realms of fiction!

The longer explanation

For something like this to work, Alice would need to find an exploit in the camera of Bob, which would then prevent Bob from taking a picture. The only ways of Alice to exploit Bob's camera is for her to send some kind of information to it.

Possible ways for her to do this would either be via what the camera "sees" or via some other channel (Bluetooth, Ad-Hoc Wi-Fi, etc.).

The first way is, to be frank, absolutely nuts. There are exploits related to images and specific image formats, but all those exploit the specifications of how image files are read, rather than the pixels on it.

As far as Bluetooth or Wi-Fi goes, this is a little bit more believable, but just barely above "Zoom and Enhance". If Alice could connect to Bob's phone via Bluetooth, there may be an exploit she could use that would disable the camera app.

However, if Bob used a dedicated camera instead of his phone, then Alice is out of luck and her picture will be taken.

How could I protect myself from having my picture taken?

There are, however, creative ways to hide yourself from cameras. After all, reality can be so much cooler than fiction if you get a bit creative.

Infrared LEDs emit infrared light. This light is not visible to our eyes, but to cameras. This difference is something that hackers can exploit.

By attaching many, high-powered infrared LEDs to your clothing in a way that they shine on your face (e.g. through LED strips on the inside of your hoodie, on your baseball cap, etc.), your face will receive much more light than the surroundings, causing your face to be extremely overexposed.

This will probably stop security cameras, since they will try to set their exposure in a way that most of the picture (i.e. your surroundings) are illuminated correctly.

Somebody taking pictures manually of you may be able to set the exposure correctly, showing your face, but making the rest of the picture very dark. With some clever image manipulation tricks, and multiple pictures taken at different exposure levels, you can be shown in your surroundings, even with such LEDs in place.

Cool, can I see how that looks like?

Here you can see a picture of glasses with just a few LEDs:

^{Attribution: Tokyo National Institute of Informatics}

The two pictures on the top are with the LEDs turned off. This is how a person would see it. The green frame shows that a camera has detected a face.

The two pictures down below show the LEDs turned on. It's much harder to detect details of the person, but it's still doable, especially if you have some reference image. The camera, in this case, failed to identify a person.

With more and/or stronger LEDs, the effect will be much stronger.

Here is also a video, showing them in action with a typical webcam. Again, with some reference, a person is still identifiable.

What about the downsides to this?

Before you go online and order a 500 pack of infrared LED strips, there are some downsides to this technique.

A battery or some other power source is required. This may be the least of your worries, since LEDs don't draw that much power, but running around with a 9v in your pocket may become annoying.
You don't see if it's not working. Unless you regularly take selfies of your overexposed face, you don't know if your security system has failed.
Since you quite literally look like a shining ball of light on pictures, people reviewing security camera footage will probably start investigating why Jesus is casually walking through the mall. It does attract unwanted attention, is what I am trying to say.
You depend on your clothing. Depending on where you go, it might not be feasible to wear clothing close to your face, such as a swimming pool. You may be able to wear a baseball cap, but then you run into the problem of a power source.

edited Aug 09 '19 at 09:23

answered Aug 09 '19 at 09:13

8

This reminds me of the movie Baby Driver where they used glasses like those. – JoL Aug 09 '19 at 17:38
Perhaps one carefully aimed LED, or weak IR laser pointed directly at the offending camera, any time you suspect you're being photographed, would be enough. – dwizum Aug 09 '19 at 17:39
And then, with enough point LEDs, you can spell whatever expletive you prefer on the back of your hacker coat. – svavil Aug 09 '19 at 17:59
2

DSLRs/MILCs universally have IR filters, and any camera more dedicated than a smartphone is likely to. – chrylis -cautiouslyoptimistic- Aug 09 '19 at 18:25
5

@chrylis, iPhones have IR filters, which make them useless for checking battery quality on old IR remote controls. – Nathan Goings Aug 09 '19 at 19:04
Rather simpler just to wear dark glasses or a motorcycle helmet? – abligh Aug 10 '19 at 07:42
There are exploits related to images and specific image formats, but all those exploit the specifications of how image files are read, rather than the pixels on it. => In theory, one could target a vulnerability in the image format encoder; a specially crafted "raw" RGB file could for example trigger some form of catastrophic cancellation in the algorithm wiping out part of the image, or trigger some out-of-bounds access, etc... still quite more likely to get garbage than anything readable, of course. In practice, I have high doubts that a photo allows such fine crafting of the RGB values. – Matthieu M. Aug 10 '19 at 10:42
52

"Since you quite literally look like a shining ball of light on pictures, people reviewing security camera footage will probably start investigating why Jesus is casually walking through the mall." – Coldblackice Aug 10 '19 at 11:55
@chrylis Yes, you can circumvent it. I am not an expert in photography, just casually repeating what I read a while ago. – Aug 10 '19 at 12:57
5

Vaguely related: for flash photography, you don't need your own energy source, reflective materials can be useful enough ("paparazzi scarf"). And I wonder if smartphone cameras (need to) test for the EURion constellation these days. – Ulrich Schwarz Aug 10 '19 at 16:13
1

I'd be a little worried about the thermal effects of this much IR radiation bouncing off your face (and even worse, into the eyeball, though I'm not entirely sure about the transmission spectrum of the human lens). On the upside though, if my worries prove to be fruitful, you would definitely know when the system malfunctions. – John Dvorak Aug 10 '19 at 19:45
3

Your best bet targeting image encoders would be to shine a QR code with malicious payload onto your face. The eye won't see it, but a smartphone will pick it up, try to decode it, and run your code. One QR code for Android phones and one for Apples should do the trick beautifully. Gives an entirely new meaning to the phrase "turn the other cheek" because that's where the two QR codes are. – John Dvorak Aug 10 '19 at 19:50
Also, powered clothing tends to make security freak out. 1/31 never forget! – Harper - Reinstate Monica Aug 10 '19 at 21:52
Here's a better photo example, since it's both more effective and less intrusive (i.e. unnoticable). (Source article: https://odditymall.com/justice-caps-hide-your-face-from-surveillance-cameras) – jpaugh Aug 11 '19 at 08:16
The work on led-glasses referenced, is not to mask your identity from a human observer, but to throw off old face-recognition methods (cascaded ada-boost to be specific). The interpretation of this is totally off, and it is also a rather irrelevant work, because todays face-recognition is done by deep learning. You can, as is mentioned, have near infrared transmitters that can be very strong... but most camera systems on phones have a proper IR cut-off filters. Why is this upvoted? – Stefan Karlsson Aug 11 '19 at 19:11
1

@jpaugh I saw this example, but in all honesty, it looks more like the picture has been edited in post, rather than showing something working. For once, the two pictures are identical in shape, so clearly not a "before/after" picture (look at the background). It seems more as if it was desaturated in color, and had a perfect white circle added in the middle. It just works too well, if you see what I mean. – Aug 12 '19 at 07:31
The approach of using Leds to hide your face from mobile phones does not work. For surveillance cameras, it may rarely work but not during day time. There is quite a bit of dis-information being upvoted here. Sad. – Stefan Karlsson Aug 12 '19 at 10:59
@StefanKarlsson Care to elaborate? I am aware IR filters exist, but there is plenty of old equipment out there that doesn't use those. Because as it stands now, your comment is nothing more than "You're wrong". – Aug 12 '19 at 11:31
Many, maybe even all android phones also have IR filters but they're not completely blocking. High power LEDs will still get through enough to dominate reflected light. Shorter wavelengths (closer to 750nm) may be better, though they may be faintly visible to the naked eye – Chris H Aug 12 '19 at 12:20
@MechMK1 That's a shame. A solution which only prevents auto-focus doesn't work at all, I'm afraid. – jpaugh Aug 12 '19 at 14:35
@MechMK, here follows 3 reasons for why this does not work. Im sure there are more reasons, but I wont waste more time on it. If you want to argue for old equipment, then sure. Maybe there is a stack-exchange for that. History of technology or likewise? – Stefan Karlsson Aug 13 '19 at 07:19
@MechMK, 1) IR-cut off filters will do enough of a job to reduce the incoming wavelengths of all NIR. This means a led emitting visual light will do a better job when IR-cut off filters are present. Take into account that the energy in the scene will render the effect of the leds totally neglible. 2) leds are point sources, they will reduce their irradiance of the sensor elements with 1/r^2, r being distance to the camera. This can be compensated for by dircectional leds, but that would mean you need to constantly face the camera. – Stefan Karlsson Aug 13 '19 at 07:19
Even if you can get the overexposure effect that you say is possible, modern cameras capture at reasonably high dynamic range. 10 or 12 color depth is standard on phones these days, and then use automatic tone-mapping. Because your intensity range will not be far outside of the depth of the camera, modern cameras can compensate for this effect.

Stefan Karlsson

Aug 13 '19 at 07:19

@StefanKarlsson That might all be true, and perhaps from the way I have written it, it may sound like I am advocating that IR- (or near-IR)-LEDs are a perfect solution. I am aware that they are not, and I included them more for the sake of "Here's some other cool thing that tries to solve the same problem", rather than anything else. Perhaps I should edit the answer to state the problems more clearly. – Aug 13 '19 at 09:31

score 13 · Answer 2 · answered Aug 09 '19 at 09:09

13

This is not doable.

Unless hacked, your smartphone doesn't communicate with other smartphones around it. It doesn't even know if someone is taking pictures. There's no way it could possibly block someone taking a photo of you.

In the clip you've linked, A explains that he can do "whatever he wants", like "altering the Internet connection". He's implicitly saying that he hacked her phone, that's how he got full control of it.

answered Aug 09 '19 at 09:09

Benoit Esnard

14,694
7
69
69

What I imagined was that in some way A's smartphone systematically hacked all smarphones in the current wifi network, or maybe even others through bluetooth as soon as within reach. – bangnab Aug 09 '19 at 09:12
43

@bangnab You can't just "hack" things. This is one of the biggest myths Hollywood has propagated. – Aug 09 '19 at 09:14
3

What I meant is that there could be exploits that are only known to intelligence agencies allowing one to break into others phones via wifi or bluetooth and compromising the phone's camera. – bangnab Aug 09 '19 at 09:19
6

@bangnab: There could be, and there could also be an invisibility cloak helping you to avoid pictures. :) As far as we know, this is just pure fiction. – Benoit Esnard Aug 09 '19 at 09:22
2

There might be exploits only known to intelligence agencies, but most people here don't work for an intelligence agency, and if anyone does they're probably not going to tell about existence of such exploits. So asking here you probably won't get an answer mentioning any such thing. – Henrik supports the community Aug 09 '19 at 09:23
1

To phrase it in another way then: have there ever been exploits of this kind (now patched)? – bangnab Aug 09 '19 at 09:28
@bangnab See my answer for more details, please – Aug 09 '19 at 09:28
8

@Henrik This statement holds true to anything. "There might be knowledge that isn't public" is quite a generic statement. – Aug 09 '19 at 11:57
1

@MechMK1 In fact, that is the bread and butter of conspiracy theorists. – GalacticCowboy Aug 09 '19 at 18:40
6

@MechMK1 I believe that's Henrik's entire point... – user91988 Aug 09 '19 at 20:11
"your smartphone doesn't communicate with other smartphones around it" is untrue. Anytime your smartphone's flash goes off and another smartphone's camera sees the flash there is communication going on. – emory Aug 09 '19 at 23:34
@MechMK1 do I have to say "that's what they WANT you to think" ? :-) . Seriously - there's lots of doable things given a chunk of money and some smart people. It doesn't happen with 10 seconds' worth of keyboard bashing, but it happens. – Carl Witthoft Aug 12 '19 at 12:53
@CarlWitthoft That may be true, but such arguments are completely disconnected from reality. Is it imaginable that every single piece of hard- and software is backdoored by every intelligence agency possible? Yes, it's possible, but unless you have some concrete evidence for something specific, it's all speculation and not really bound to anything real. – Aug 12 '19 at 12:57

score 6 · Answer 3 · answered Aug 09 '19 at 09:35

6

Here is a patent for technology that will tell smart phone A not to take a picture of asset B.

https://www.theatlantic.com/technology/archive/2016/07/what-if-cameras-stopped-telling-the-truth/491150/

Now if all the smart phone vendors implemented this, similar to how the consumer grade DVD player vendors all agree on DVD copying then eventually you'd get the situation where most phones don't take the image. Not perfect of course.

answered Aug 09 '19 at 09:35

Unicorn Tears

1,199
5
6

7

Literally all I needed was a filter in front of the lens to block IR light and I would be able to circumvent this. Doesn't surprise me that a patent from 2011 didn't catch on. – Aug 09 '19 at 09:38
2

@MechMK1 LOL that's right. Besides who wants to buy a smartphone that won't take pictures ... – Unicorn Tears Aug 09 '19 at 10:57
12

DVD player vendors didn't voluntarily agree to restrict DVD copying. They all want to let consumers do that (because it would make their product more valuable to consumers, for no additional cost to them), but they're not allowed, because the DVD rights owner won't let them. There's no equivalent intellectual property rights to make cameras work, so there's no reason any vendor would intentionally make their own camera worse. – Joseph Sible-Reinstate Monica Aug 09 '19 at 15:10

score 3 · Answer 4 · edited Aug 11 '19 at 20:02

3

I think there might be scenarios in which this could work. Imagine a person wearing a T-shirt with a QR code. Person B tries to shoot a photo with his smartphone. The smartphone recognises the QR code which

automatically opens a web browser showing a webpage stating "Stop this"

or
generates a buffer overflow due to buggy implementation of the QR code interpreter.

edited Aug 11 '19 at 20:02

schroeder

129,372
55
299
340

answered Aug 11 '19 at 17:16

Uwe Ziegenhagen

131
3

3

I don't know of any stock camera apps that automatically resolve QR codes. – Michael Frank Aug 12 '19 at 00:01
2

The default camera app on the iphone will detect qr-codes – Robert Aug 12 '19 at 10:16
@MichaelFrank The default camera app on the Xiaomi Pocophone F1 detects QR codes. – TheGreatCabbage Aug 12 '19 at 13:54
1

This is really a good answer – tungsten Aug 24 '19 at 11:00

score 1 · Answer 5 · answered Aug 09 '19 at 18:46

If A has knowledge of an unpatched vulnerability in B's phone, then it's possible that A's device could wirelessly upload an exploit to B's phone and interfere with the photo software's operation to prevent the photo being saved. If this is done passively, then A needs exploits for any phone that they could encounter. It also wouldn't work on older digital cameras that don't have wireless capability, but most people don't carry those anymore. The ability could only be available to a select few, since software and/or hardware manufacturers would patch the vulnerability if they got their hands on the exploit.

It's possible than an exploit like this exist, but it'd either be in the hands of a government agency using it for surveillance or someone who would sell it.

From the video clip, it doesn't look like there is physical interference with the camera, since you can see the target's face on the screen before the photo is taken. MechMK1 gave some good examples of physical interference methods, but there is also the case of a billionaire's yacht blocking paparazzi cameras by shooting lasers at the sensors and this purse that reacts to camera flashes with its own

score 0 · Answer 6 · answered Aug 12 '19 at 00:24

Part of this is theoretically possible, but the scenario as described is a TV fantasy.

There is active research into detecting lenses pointed at a target, but they are aimed at sniper rifles, not cameras, e.g. this patent. There are also multiple ways to detect hidden cameras, aimed at surveillance. And, of course, there's even an app for that.

These technologies could be combined into a detector that notices when someone points a camera at you, including that from a smartphone. Leaving questions of reliability and false positives aside, it could be combined with a technology like the anti-face-detection LEDs MechMK1 mentions to form a kind of selective camera camouflage.

But how would you get the other person's smartphone to show a message, or a picture entirely different from the one they were trying to take? The first case would require you to hack their smartphone, over the air, in real time. If that were feasible, it would already happen, and for more nefarious purposes. For a spy movie, that's the kind of rocket-shooting, underwater-driving car that we accept in such movies, but it's not real. To show a completely different picture (the 2nd example in the clip) simply defies the laws of physics. You would have to project light into the camera aimed at you, but to fill the entire picture and not the tiny dot of your projector lens would require the light beams to bend in ways that light simply doesn't bend like.

Having detected a camera lens pointed at the victim, the countermeasure projects the desired image (message) directly into it, e.g. with a small scanning laser, completely overexposing and blowing out the face of the victim. Could be accompanied by a notification, or just make it powerful enough to ignite the attacker's phone battery, which will be notification enough. — qris, Aug 12 '19 at 13:03
@qris: You seem to miss the basic function of a lens. The laser emitting from one point will be focused by the lens on one pixel of the smartphone's camera. This is true regardless of where exactly the laser beam hits the lens, so a "scanning laser" won't help. — MSalters, Aug 12 '19 at 13:40

score 0 · Answer 7 · answered Aug 12 '19 at 10:47

Yes, it is doable, but it would be a voluntary feature of the camera app of the person that takes the photo. I do not think it is implemented in any common camera app, but there are implementations in many photocopiers, that prevent you from copying things with a certain dot pattern on it.

The EURion constellation is a special pattern, that can be recognized by these devices and stops people from copying banknotes. In addition to photocopiers, some software like Adobe Photoshop implements this as well.

People already experimented with printing EURion on t-shirts and other clothing. I do not think they were successful.

Other experiments involve adversarial pattern for image recognition neural networks, that prevent face detection or lead the camera not to focus on the face, when it is in auto-focus mode. Most of such patterns are rather obvious make-up, that you would not wear every day. Another technical device that uses infrared LEDs is mentioned in the post of MechMK1.

The reason why you can't print an EURion pattern on a shirt and have it block the camera is because cameras are generally not used to make copies of bank notes, since the perspective would distort the image. Furthermore, shirts are often bent and wavy when people are sitting or walking, so parts of the pattern may be obscured. — , Aug 12 '19 at 11:38

score 0 · Answer 8 · answered Aug 23 '19 at 20:56

This is not something which anyone can attain. Previous responses explain very well why. However there are some people which may actually go very very near to that! Most modern smartphones either work using iOS (Apple) or Android (Google). If you were the CEO of Apple you cloud simply impose that the company forces a silent update to all devices (phones/tablets) so that if they detect your specific Bluetooth they will refise to take pictures! A similar thing can be obtained from the Google CEO but it would require a more tricky approach (no need for detsils: your engineers will know how to do that :-) So to sum it up to block all the phones you need the cohoperation of both Google's and Apple's CEO, then a simple app on your phone will simply trigger the protection! :-)

So.... In case (very unlikely!) these company already have embedded such "no photo" trigger and you are the first and only hacker to discover it then you could simply implement the client app to trigger this!

score -1 · Answer 9 · answered Aug 12 '19 at 12:51

If the original question is limited to "hacking" just Person B's phone, then it's quite doable with only minor "suspension of disbelief."

First, Person A obtains B-phone's SIM id. Then Person A's phone checks the location of PhoneB, and if it's within, say, 10 meters, PhoneA checks an outgoing message (here's where some hack software would have to have been loaded) from PhoneB indicating a camera is activated. Now Person A is at least warned.

FWIW, it is completely reasonable to posit that NSA-level tools can force OTA installs onto PersonB's phone without any notifications being made. And for that matter, given another few years' worth of software development and smartphone processor capability, why not claim that such a software install includes facial recognition tools that could identify PersonA and then intercept the current camera image(s).

user1067003 · Answer 10 · 2019-08-11T19:09:59.717

-3

TL;DR: i disagree with most answers here, Apple and Google could probably do it.

Apple could implement it for all iPhones, i guess Google could do the same for all androids phones, for all internet-connected phones under their control with GPS enabled. (system that asks an internet server if it's ok to use the camera in that GPS position before allowing a camera app, or any app, to take control of the camera hardware.. sure one could argue that "all you have to do is to disable internet and GPS", but they could also make those mandatory to take a picture, at least for non-rooted (or in iPhone-terminology, non-jailbroken) phones)

edited Aug 11 '19 at 19:09

answered Aug 11 '19 at 19:04

user1067003

583
4
11

1

It’s an interesting idea, but it’s not currently possible. – securityOrange Aug 11 '19 at 22:01
@securityOrange what is not currently possible? iPhones have everything required to implement it – user1067003 Aug 11 '19 at 22:14
Be that as it may, it’s not something that has been implemented. So again, it’s a really sweet idea and I personally dig it, but for users it’s not accessible (currently). – securityOrange Aug 11 '19 at 22:25
@securityOrange question is "is it doable", not "is it implemented", and yeah, it's theoretically doable for Tim Cook. (and maybe POTUS could pull it off as a national security concern or whatever) – user1067003 Aug 12 '19 at 07:45
The question is not whether it is possible for a phone developer to create the functionality (of course they can), but whether a user could. – schroeder Aug 12 '19 at 14:16
@schroeder A user who could hack into Apple's update system and make (and sign) malicious updates could also do it, i don't see why not, if you know why that's not possible, please enlighten me. PS, Tim Cook is also a user, and he wouldn't even have to hack anything (would probably have to deal with angry investors and bad PR and get fired eventually, thought) – user1067003 Aug 12 '19 at 14:30
That's not your answer though. Your answer is: the vendors could do it. And that's not the question. – schroeder Aug 12 '19 at 14:37