Inspiration
An Everyday Interaction
Recently, a friend posted a group selfie where one person's ID card was visible. This unintentionally revealed their name, place of work, and ID number. This incident made us think about how a seemingly harmless image can contain sensitive information that, in the wrong hands, can prove disastrous.
Formalizing the Idea
In today's interconnected world, image-based communication has become an integral part of both professional and personal interactions. While images offer a visual medium for efficient information sharing, they also pose a significant risk of unintentional data leaks.
The Professional Landscape
Within corporate environments, employees often rely on screenshots to share insights, clarify doubts, collaborate on projects, and seek IT support. However, this practice can inadvertently expose sensitive information. A screenshot taken to capture an error on the user's laptop or to show progress on their current project can also capture confidential data such as financial reports, proprietary code, or sensitive client information. These seemingly innocuous actions can create vulnerabilities for organizations, potentially leading to data breaches, reputational damage, and legal consequences.
The Personal Realm
Even in personal contexts, image sharing can pose privacy risks. A casual screenshot of a social media post or a personal document might unintentionally reveal sensitive details like home addresses, phone numbers, or financial information. These seemingly minor leaks can be exploited by malicious actors to launch targeted attacks, such as phishing scams or identity theft.
The Looming Threat of Social Engineering and Correlation Attacks
Moreover, the proliferation of image-based communication has amplified the potential for social engineering and correlation attacks. By carefully analyzing seemingly innocuous images, attackers can piece together valuable information about individuals and organizations. For example, a seemingly harmless selfie taken during an event while wearing an ID card could reveal an individual's whereabouts, potentially aiding in physical surveillance or targeted phishing attacks.
A Market Gap
Despite the growing risks associated with image-based data leaks, there is currently a dearth of effective solutions to address this problem. Existing Data Loss Prevention (DLP) solutions often rely on manual review or automated redaction techniques for text, and might not even touch upon image or video files. These approaches are time-consuming and prone to human error, and thus may not be adequate to protect sensitive information.
Our Solution: A Proactive Defense
Our solution aims to fill this market gap by providing a proactive and automated approach to image-based data loss prevention. By leveraging advanced image processing techniques and machine learning algorithms, our tool can intelligently identify and obscure sensitive content within images, mitigating the risks of accidental data leaks and safeguarding sensitive information.
Working
While our solution is platform-agnostic, for the demo we chose to demonstrate it through Slack, since it is used by 80% of Fortune 100 companies and it also provided us with a framework to create the bot.
Step 1: User sends the image in the channel as they normally would.
Step 2: Our solution takes the image and analyzes it for sensitive content.
Step 3: The bot sends the updated image to the receiver.
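A minimal sketch of the three steps above, added here as an illustration and not Obscura's own code. The image is a constructed pixel grid, `sample_detector` is a hypothetical stand-in for the analysis step, and `redact` and `relay` are assumed names; failing closed when analysis errors out is a design choice of this example.

```python
# Added illustration; every name below is hypothetical, not Obscura's code.
from typing import Callable, List, Optional, Tuple

Pixel = Tuple[int, int, int]
Image = List[List[Pixel]]            # rows of RGB pixels
Box = Tuple[int, int, int, int]      # left, top, right, bottom (exclusive)
Detector = Callable[[Image], List[Box]]

BLACK: Pixel = (0, 0, 0)


def redact(image: Image, boxes: List[Box]) -> Image:
    """Return a copy with every box overwritten by solid black.

    Pixels are replaced, not blurred or covered by a separate layer,
    so the redacted copy carries none of the original content.
    """
    height = len(image)
    width = len(image[0]) if height else 0
    out = [list(row) for row in image]
    for left, top, right, bottom in boxes:
        # Clamp to the image so an oversized box cannot raise or wrap around.
        for y in range(max(0, top), min(height, bottom)):
            for x in range(max(0, left), min(width, right)):
                out[y][x] = BLACK
    return out


def relay(image: Image, detect: Detector) -> Optional[Image]:
    """Steps 2 and 3: analyze, then return what the receiver may see.

    Fails closed: if analysis raises, nothing is forwarded (None), so the
    original image never reaches the receiver unreviewed.
    """
    try:
        boxes = detect(image)
    except Exception:
        return None
    return redact(image, boxes)


# Constructed 4x6 sample image; the "sensitive" area is columns 1-3 of rows 1-2.
SAMPLE: Image = [[(200, 200, 200)] * 6 for _ in range(4)]


def sample_detector(image: Image) -> List[Box]:
    # Stand-in for the analysis step (the page uses an LLM for this).
    return [(1, 1, 4, 3)]
```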
Key Differentiators
- The channel where the sender is sending the image is not the receiver's inbox. This means that the receiver does not get access to the original image at all, which adds another layer of safety against malicious actors.
- Enterprises are adopting on-prem LLMs for enhanced privacy and performance. Thus, using an LLM to analyze the data doesn't risk data leakage for them.
- We have engineered the prompt to be specific for our use case which encompasses both enterprise and general users. This can be fine-tuned as per requirement.
Next Steps for Obscura
- We can add nudges to users before they send the image.
- An enterprise can build additional filters on top of it as per their IT policy and other use cases.
- An enterprise can add its own prompts to create custom filters.
- The core of our solution is platform-agnostic. Thus we can integrate it with different messaging and email platforms to provide protection all around.