Why is Morph Detection Important?

We’re all familiar with the morphing of faces from subject 1 to subject 2, in which there is an intermediate subject 1.5 that combines the features of both of them. But did you know that this simple trick can form the basis for fraudulent activity?

Back in the 20th century, morphing was primarily used for entertainment purposes. Nothing that would make you cry, even though there were shades of gray in the black or white representations of the morphed people.

Godley and Creme, “Cry.”
Michael Jackson, “Black or White.” (The full version with the grabbing.) The morphing begins about 5 1/2 minutes into the video.

But Godley, Creme, and Jackson weren’t trying to commit fraud. As I’ve previously noted, a morphed picture can be used for fraudulent activity. Let me illustrate this with a visual example. Take a look at the guy below.

From NISTIR 8584.

Does this guy look familiar to you? Some of you may think he kinda sorta looks like one person, while others may think he kinda sorta looks like a different person.

The truth is, the person above does not exist. This is actually a face morph of two different people.

From NISTIR 8584.

Now imagine a scenario in which a security camera is patrolling the entrance to the Bush ranch in Crawford, Texas. But instead of having Bush’s facial image in the database, someone has tampered with the database and inserted the “Obushama” image instead…and that image is similar enough to Barack Obama to allow Obama to fraudulently enter Bush’s ranch.

Or alternative, the “Obushama” image is used to create a new synthetic identity, unconnected to either of the two.

But what if you could detect that a particular facial image is not a true image of a person, but some type of morph attempt? NIST has a report on this:

“To address this issue, the National Institute of Standards and Technology (NIST) has released guidelines that can help organizations deploy and use modern detection methods designed to catch morph attacks before they succeed.”

The report, “NIST Interagency Report NISTIR 8584, Face Analysis Technology Evaluation (FATE) MORPH Part 4B: Considerations for Implementing Morph Detection in Operations,” is available in PDF form at https://doi.org/10.6028/NIST.IR.8584.

And a personal aside to anyone who worked for Safran in the early 2010s: we’re talking about MORPH detection, not MORPHO detection. I kept on mistyping the name as I wrote this.

An IMEI Number Is NOT Unique to Each Mobile Phone

(Imagen 3)

Have you ever used the phrase “sort of unique”? Something is either unique or it isn’t. And International Mobile Equipment Identity (IMEI) numbers fail the uniquness test.

Claims that International Mobile Equipment Identity (IMEI) numbers are unique

Here’s what a few companies say about the IMEI number on each mobile phone. Emphasis mine.

  • Thales: “The IMEI (International Mobile Equipment Identity) number is a unique 15-digit serial number for identifying a device; every mobile phone in the world has one.”
  • Verizon: “An IMEI stands for International Mobile Equipment Identity. Think of it as your phone’s fingerprint — it’s a 15-digit number unique to each device.”
  • Blue Goat Cyber: “In today’s interconnected world, where our smartphones have become an indispensable part of our lives, it is essential to understand the concept of IMEI – the International Mobile Equipment Identity. This unique identifier plays a crucial role in various aspects of our mobile devices, from security to tracking and repairs.”

These and other descriptions of the IMEI prominently use the word “unique.” Not “sort of unique,” but “unique.”

Which means (for non-person entities, just like persons) that if someone can find a SINGLE reliable instance of more than one mobile phone having the same IMEI number, then the claim of uniqueness falls apart completely.

Examples of non-uniqueness of IMEI numbers on mobile phones

People who claim IMEI uniqueness obviously didn’t read my Bredemarket blog post of April 1, in which I WASN’T fooling.

  • I talked about an incident in India in which a cyber fraud operation “specialised in IMEI cloning.”
  • And an incident in Canada in which someone was scammed out of C$1,000, even though the phone had a valid IMEI.

IMEICheck.net even tells you (at a high level) how to clone an IMEI. It’s not easy, but it’s not impossible.

“In theory, hackers can clone a phone using its IMEI, but this requires significant effort. They need physical access to the device or SIM card to extract data, typically using specialized tools.

“The cloning process involves copying the IMEI and other credentials necessary to create a functional duplicate of the phone. However, IMEI number security features in modern devices are designed to prevent unauthorized cloning.”

So don’t claim an IMEI is unique when there is evidence to the contrary. As I said in my April post:

NOTHING provides 100.00000% security. Not even an IMEI number.”

What does this mean for your identity product?

If you offer an identity product, educate your prospects and avoid unsupportable claims. While a few prospects may be swayed by “100%” claims, the smarter ones will appreciate more supportable statements, such as “Our facial recognition algorithm demonstrated a 0.0022 false non-match rate in the mugshot:mugshot NIST FRTE 1:1 laboratory testing.”

When you are truthful in educating your prospects, they will (apologizes in advance for using this overused word) trust you and become more inclined to buy from you.

If you need help in creating content (blog posts, case studies, white papers, proposals, and many more), work with Bredemarket to create the customer-focused content you need. Book a free meeting with me.

Stop losing prospects! Use Bredemarket content for tech marketers

Contentless Content Doesn’t Convert Prospects

The most effective message a tech firm’s CMO can share is “We have nothing pertinent to say. Go see our competitors.”

Imagen 4.

That message is EXTREMELY effective…for the competitors.

For your tech firm? Not so much.

Why are your web page and social channels devoid of content?

  • Maybe you don’t have a strategy for creating valuable content to help your firm.
  • Or maybe you do have a strategy, but no people to execute it.

Time for the reinforcements. 

Imagen 4.

Talk to Bredemarket about delivering the content your prospects demand: https://bredemarket.com/mark/

Is “Autonomous SOC” Real?

On the long-standing debate on the mix between automation and manual operations, here’s what the Cyber Security Hub says:

100+ AI security startups claim they can replace Tier 1 and Tier 2 SOC analysts with 24/7 LLMs. They promise AI can triage, detect, and respond—no humans needed.

But here’s the reality:

  • AI tools hallucinate and miss context
  • Custom attacks slip by without human insight
  • Escalations stall when no one’s validating alerts…

…This isn’t about rejecting AI. It’s about using it wisely—and never cutting people out of the loop.

More here: https://www.linkedin.com/pulse/ai-cant-run-your-soc-heres-guide-proves-the-cyber-security-hub-awa9e

Is the Cyber Security Hub correct? 

Are there truly over 100 firms who promise a completely automated cybersecurity solution?

More importantly, can 100% “autonomous SOC” be circumvented by a determined opponent?

Georgi Kisrov’s “Lesson Learned”

(Imagen 4)

From Georgi Kisrov:

“We convince ourselves to hold on just a little longer, to give one more chance, to extend one more ounce of patience. We hope things will change, that people will appreciate us, that circumstances will finally shift in our favor. But sometimes, despite our best efforts, the change never comes.

“That’s when the lesson arrives—not in a single, dramatic flash, but in a quiet realization: I deserve better than this. I deserve to feel seen, valued, respected.”

Read the entire piece here: http://georgikisyov.com/2025/08/26/lesson-learned/

Modernization, Digital Transformation, and Other Multisyllabic Words: Why?

Back when I was with IDEMIA and working with U.S. states to implement (physical) driver’s license production systems, a big word floating around states and their CIOs was “modernization.”

Because many state and federal systems are really really ancient.

But it’s not just governments that have fallen off the path. Many business and government entities, possibly including your own, are in desperate need of modernization, or at least of digital transformation.

Four reasons for digital transformation

Why do you need digital transformation? Here are four reasons why you should transform:

  • Are you suffering from outmoded manual processes? Do your business processes require a lot of outmoded manual steps? Are there steps that you can automate?
  • Are you unable to change your business as the market changes? Is your website and other systems locked into a 2015 or 2005 process? If the market changed tomorrow, how long would it take you to change with it? Could you business benefit from a flexible modular implementation that allows rapid change?
  • Are you blind to your business operations? Can you gather metrics that help you know how your business is doing? For marketers, these could be key process indicators (KPIs) that alert you as prospects move from awareness to consideration to conversion. For operations personnel, these could be performance metrics. But you’re flying blind if you can’t get those metrics, or if you’re getting the wrong metrics.
  • Are your customers unhappy? This is probably the biggest reason of all. Do your current systems frustrate your customers? For businesses (i.e. firms where customers do not have to content with a government monopoly), are your customers about to flee elsewhere?
The need for modernization. Imagen 4.

Yes, you have to perform a cost-benefit analysis, but in many cases you’ll realize future revenue by transforming your digital system and removing inefficiencies.

Two digital transformation experts

There are a number of consulting firms that can help you digitally transform your systems. Bredemarket is NOT one of them (although I can help you transform your marketing).

But it doesn’t matter with me now, because this post is going to highlight two other firms that can help you perform digital transformation: one very specific, and one that is general.

Adobe Experience Cloud Digital Transformation: KBWEB Consult

If you have a mid-sized business and need to digitally transform your Adobe Experience Manager implementation, or other parts of your Adobe Experience Cloud solution, KBWEB Consult is the firm to help you. KBWEB Consult and its people have transformed digital solutions for Kaiser Permanente, LinkedIn, Shimano, and other firms.

Book a meeting with KBWEB Consult directly at CEO Krassimir Boyanov’s Calendly calendar page.

General Digital Transformation: Silicon Tech Solutions

If you have wider digital transformation needs, talk to Silicon Tech Solutions. Offering custom software development and other services in addition to digital transformation, Silicon Tech Solutions addresses multiple needs for small and mid-size businesses. With a team that has gained experience from employment at Amazon and Facebook and from multiple consulting projects, Silicon Tech Solutions is ready to help your firm.

Get more information from Silicon Tech Solutions by contacting them via Bredemarket at my Silicon Tech Solutions page and clicking on the Silicon Tech Solutions logo.

How Do People Learn About UiPath’s Agentic AI Advances? Marketing.

(Picture from LinkedIn)

I’ve consistently believed that when a company is in trouble, it pares down to three key elements:

  • Engineers to create the product.
  • Salespeople to drive the sales of the product.
  • Executives, because they’re always critically important and can never be let go, can they?

Actually I’m kidding about the last one. There are plenty of cases where executives, and even company founders, determined that they were no longer affordable and left their own companies.

But many companies realize that engineers and salespeople aren’t enough, and they actually hire product marketers and other marketers.

Take UiPath, which self-identifies as “a global leader in agentic automation, empowering enterprises to harness the full potential of AI agents to autonomously execute and optimize complex business processes.”

It just hired a new Chief Marketing Officer (CMO): Michael Atalla, previously of Microsoft, F5, and other tech firms.

And hopefully he’ll remove “improve outcomes” from future press releases.

Michael, if you need any other tips, or if your existing marketing staff is overworked and needs outside assistance, let me know.

Stop losing prospects! Use Bredemarket content for tech marketers

“Somewhat You Why” and Geolocation Stalkerware

Geolocation and “somewhat you why” (my proposed sixth factor of identity verification and authentication) can not only be used to identify and authenticate people.

They can also be used to learn things about people already authenticated, via the objects they might have in their possession.

Stalkerware

404 Media recently wrote an article about “stalkerware” geolocation tools that vendors claim can secretly determine if your partner is cheating on you.

Before you get excited about them, 404 Media reveals that many of these tools are NOT secret.

“Immediately notifies anyone traveling with it.” (From a review)

Three use cases for geolocation tracking

But let’s get back to the tool, and the intent. Because I maintain that intent makes all the difference. Look at these three use cases for geolocation tracking of objects:

  • Tracking an iPhone (held by a person). Many years ago, an iPhone user had to take a long walk from one location to another after dark. This iPhone user asked me to track their whereabouts while on that walk. Both of us consented to the arrangement.
  • Tracking luggage. Recently, passengers have placed AirTags in their luggage before boarding a flight. This lets the passengers know where their luggage is at any given time. But some airlines were not fans of the practice:

“Lufthansa created all sorts of unnecessary confusion after it initially banned AirTags out of concern that they are powered by a lithium battery and could emit radio signals and potentially interfere with aircraft navigation.

“The FAA put an end to those baseless concerns saying, “Luggage tracking devices powered by lithium metal cells that have 0.3 grams or less of lithium can be used on checked baggage”.   The Apple AirTag battery is a third of that size and poses no risk to aircraft operation.”

  • Tracking an automobile. And then there’s the third case, raised by the 404 Media article. 404 Media found countless TikTok advertisements for geolocation trackers with pitches such as “men with cheating wives, you might wanna get one of these.” As mentioned above, the trackers claim to be undetectable, which reinforces the fact that the person whose car is being tracked did NOT consent.

From consent to stalkerware, and the privacy implications

Geolocation technologies are used in every instance. But in one case it’s perfectly acceptable, while it’s less acceptable in the other two cases.

Banning geolocation tracking technology would be heavy-handed since it would prevent legitimate, consent-based uses of the technology.

So how do we set up the business and technical solutions that ensure that any tracking is authorized by all parties?

Does your firm offer a solution that promotes privacy? Do you need Bredemarket’s help to tell prospects about your solution? Contact me.

Stop losing prospects! Use Bredemarket content for tech marketers