How to "Fool" Artificial Intelligence?
The concept of artificial intelligence (AI) has been around for many years and has been applied in various products. However, in terms of performance, AI is sometimes humorously called "artificial stupidity" as it can be easily fooled by people.
Many people use mobile map apps, and navigation has made daily life much easier. Recently, though, navigation maps ran into a minor issue:
A foreign netizen placed 99 phones in a small cart and walked slowly on the road. Something interesting happened: Google Maps identified the area as having a high concentration of users and even labeled it as "slow traffic." If a driver passed by, the map would suggest rerouting to avoid this "congested" area. It’s fascinating how such a simple method can trick Google Maps.
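An added example, not from the original article and not Google's algorithm: a naive crowd-sourced congestion estimate next to one that collapses devices travelling inside one vehicle footprint into a single probe. The report format, the thresholds `SLOW_MPS` and `FOOTPRINT_M`, and all function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import mean, median

SLOW_MPS = 5.0      # assumed: below this typical speed a segment is labelled "slow"
FOOTPRINT_M = 2.0   # assumed: devices this close at every sample share one vehicle

def build_reports():
    """Constructed sample: 99 phones in one hand cart plus 3 cars on a road segment."""
    reports = []  # (device_id, time_s, position_m, speed_mps)
    for t in (0, 5, 10):
        for i in range(99):
            reports.append((f"phone{i}", t, 50.0 + 0.01 * i + 1.2 * t, 1.2))
        for j in range(3):
            reports.append((f"car{j}", t, 150.0 * j + 13.0 * t, 13.0))
    return reports

def per_device(reports):
    """Return {device: {time: position}} and {device: mean speed}."""
    tracks, speeds = defaultdict(dict), defaultdict(list)
    for dev, t, x, v in reports:
        tracks[dev][t] = x
        speeds[dev].append(v)
    return tracks, {d: mean(v) for d, v in speeds.items()}

def naive_status(reports):
    """Every device counts as one vehicle, so 99 phones outvote 3 cars."""
    _, speeds = per_device(reports)
    return "slow" if mean(speeds.values()) < SLOW_MPS else "normal"

def co_moving(a, b):
    """True if two tracks stay within one vehicle footprint at every shared time."""
    shared = a.keys() & b.keys()
    return bool(shared) and all(abs(a[t] - b[t]) <= FOOTPRINT_M for t in shared)

def robust_status(reports):
    """Group co-moving devices into vehicles, then take the median vehicle speed."""
    tracks, speeds = per_device(reports)
    vehicles = []  # each entry is a list of device ids; the first is the reference
    for dev in sorted(tracks):
        for group in vehicles:
            if co_moving(tracks[group[0]], tracks[dev]):
                group.append(dev)
                break
        else:
            vehicles.append([dev])
    per_vehicle = [mean(speeds[d] for d in g) for g in vehicles]
    return ("slow" if median(per_vehicle) < SLOW_MPS else "normal"), len(vehicles)
```

Cars in a real jam are spaced more than one footprint apart, so they stay separate vehicles and the segment is still reported as slow.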
With the rapid development of AI technology, smart machines are becoming increasingly prevalent in daily life, from home to transportation, significantly improving living standards. Examples include ride-hailing services, map navigation, facial recognition, autonomous driving, and smart voice assistants.
Among these, there are powerful giants like Google Maps, Alipay’s facial recognition payment, and Tesla’s autonomous driving. AI amazes us with how technology transforms life but also makes us wonder: Is AI truly smarter than us?
In this world, there are always those who take unconventional paths. When computers were born, some didn’t use them properly but tinkered with them—these people later became known as hackers, possessing exceptional skills and patience. The rise of AI seems to have lowered the bar for hacking, allowing many to fool it.
Methods to fool AI can be categorized into three types: simulation deception, logical deception, and platform vulnerabilities:
- Simulation Deception: Understanding AI’s capabilities and deceiving it through physically similar inputs. Such attacks are notable for being hard to detect.
  - In 2017, a computer scientist placed stickers on a stop sign, tricking an autonomous driving AI into misidentifying it as a 45 mph speed limit sign, a result that would frustrate any self-driving car company.
  - Such tricks could lead to fatal accidents. In places where small ad stickers are rampant, the car might behave unpredictably.
- Logical Deception: Exploiting the logic of AI systems.
  - For example, facial recognition is widely used for real-name authentication and payments. Imagine hearing that someone successfully bypassed Alipay and WeChat’s facial recognition systems to make payments or even enter a train station in China. It’s alarming and raises concerns about mobile wallet security.
  - An AI company named Kneron claimed to have breached Alipay and WeChat’s facial recognition using 3D masks and even entered a train station. While wearing masks or fake heads isn’t allowed, the idea of "passwords on faces" makes one wonder if masks will become necessary, like hiding part of a password.
- Platform Vulnerabilities: Traditional hackers enjoy digging into AI platform bugs, such as the famous "dolphin attack."
  - Smartphones, wearables, and smart homes often come with voice assistants like Siri or Xiaobiu. But are voice controls safe? By converting voice commands into ultrasonic frequencies (inaudible to humans but detectable by devices), hackers can exploit microphone hardware flaws to execute commands, causing AI to make wrong decisions.
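An added example, not from the original article: a guard that inspects a raw microphone frame for energy above the audible band, plus a toy model showing why a squared term in the microphone response puts an inaudible signal back into the voice band. The sample rate, thresholds, the `microphone` model and the two constructed frames are assumptions; a real device would need access to the capture before its voice-band filter.

```python
import cmath
import math

FS = 96_000             # assumed: raw capture rate, before the voice-band low-pass
N = 960                 # 10 ms frame, so DFT bins are 100 Hz apart
AUDIBLE_MAX_HZ = 20_000
RATIO_LIMIT = 0.5       # assumed: flag frames that are mostly ultrasonic energy

def tone(freq_hz, amp=1.0):
    return [amp * math.sin(2 * math.pi * freq_hz * n / FS) for n in range(N)]

def bin_energy(frame, freq_hz):
    """Energy in the single DFT bin nearest freq_hz."""
    k = round(freq_hz * N / FS)
    acc = sum(v * cmath.exp(-2j * math.pi * k * n / N) for n, v in enumerate(frame))
    return abs(acc) ** 2

def ultrasonic_ratio(frame):
    """Share of the frame's energy that lies above the audible band."""
    audible = ultrasonic = 0.0
    for k in range(1, N // 2):
        freq = k * FS / N
        energy = bin_energy(frame, freq)
        if freq > AUDIBLE_MAX_HZ:
            ultrasonic += energy
        else:
            audible += energy
    total = audible + ultrasonic
    return ultrasonic / total if total else 0.0

def is_suspicious(raw_frame):
    """Guard to run on the raw frame before it reaches the speech recognizer."""
    return ultrasonic_ratio(raw_frame) > RATIO_LIMIT

def microphone(frame, nonlinearity=0.2):
    """Toy model of the hardware flaw: a small squared term in the response."""
    return [v + nonlinearity * v * v for v in frame]

# Constructed frames: ordinary voice-band tones, and a 1 kHz tone riding on a
# 30 kHz carrier (nothing below 20 kHz until the microphone distorts it).
VOICE = [a + b for a, b in zip(tone(300), tone(1200, 0.5))]
INAUDIBLE = [(1 + 0.8 * m) * c for m, c in zip(tone(1000), tone(30_000))]
```

Comparing `bin_energy(INAUDIBLE, 1000)` with `bin_energy(microphone(INAUDIBLE), 1000)` shows the 1 kHz content appearing only after the nonlinear stage, which is why the check has to look at the wideband signal rather than the filtered voice band.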
AI is both marvelous and fragile—slight manipulation can turn it into "artificial stupidity." Current "deep learning" machines still have limitations.
Looking back at its history, AI represents the third wave of computer development, extending and expanding traditional computing. Traditional computers work on deterministic inputs and outputs. Similarly, machines respond to perceived signals, and AI follows the same principle: given an input, it produces a specific output after machine learning. If the input is interfered with or deceived, the output becomes erroneous, hence the "artificial stupidity" we see.
Today’s AI is like the zombies in 1990s Hong Kong movies: sprinkle rice flour on their faces, and they can’t see you!
Here’s a funny anecdote: For a woman, wearing makeup is normal, and her friends can recognize her with or without it. But at a train station with facial recognition for entry, a woman struggled to scan her ID because her made-up face looked too different from the ID photo. The AI couldn’t tell she was wearing makeup; it only saw a mismatch with her ID photo. She eventually had to use the slow manual channel.
A small tip: When setting up facial recognition on your phone, make sure to look your best, or it might not recognize you!
Despite all the benefits and conveniences of AI, its vulnerabilities can’t be ignored. Like spear and shield, AI and AI-fooling are natural adversaries. In this game of deception, AI products will hopefully grow stronger. While fully replacing human work is still far off, it’s coming soon. I’m grateful to live in an era witnessing AI’s rapid integration into our lives.
Finally, a quote from my favorite, Stephen Chow: "Life is like a box of chocolates; you never know what you’re gonna get."