WHEN QUEEN ELIZABETH performed a TikTok dance during her Christmas 2020 video address, people saw the joke but not the warning. The last Stars Wars movie featured actors dead for two decades. Can you trust your senses anymore?
Deepfake, a mashup of deep learning (artificial intelligence and machine learning) and fake, manipulates one person's image or voice for deceptive purposes. Faked voices are a bigger problem today than videos, because the technology is easier and more available. "In Germany [in 2019], criminals impersonated a person's voice to scam $250,000," says Joseph Steinberg, a cybersecurity adviser in New York. "Imagine how fake advice from Elon Musk could affect the stock market."
He warns 2021 is the beginning of deepfake attacks, and they'll be dramatically better in five years.
Joe Palmer, president of iProov in North America, a biometric authentication company headquartered in London, agrees. "We see 2021 as the year of the deepfake," he says. "It's hard to do well, but if a gang does the work, they can scale their crimes. An example is filing false unemployment claims for hundreds of people, routing the checks to themselves."
Similar deepfake attacks are being used on other government accounts. There are only a small number of people able to pull these crimes off, but Palmer believes they'll soon appear for rent like access to botnets. Social engineering attacks using deepfake voices and images are also being used for breaches like installing malware.
The remote workforce is a target too. "Deepfakes are much more dangerous when people are remote," adds Steinberg. "In an office, you can see each other."
One tool for protecting against deepfakes is facial verification, which now has protections against the easiest deceptions. "You can no longer just hold up a picture of a face, which did work early on," says Palmer. For example, techniques such as looking for eyes to blink could be spoofed with an iPad simulating a blink, he adds, but the industry has closed that gap.
Now facial recognition technology can measure how light reflects on the face to make authentication more reliable. And costs for these solutions are dropping into the SMB range, especially when existing webcams and smartphone cameras are used.
For high-dollar transactions in particular, Palmer says users feel more comfortable with processes that include advanced tools like facial authentication. "The best two authentication sources are your face and a verified device." If you can trust the face.
Steinberg says authentication technology will always lag behind criminal efforts, however, so he advises training users and putting processes in place to verify transactions that can be spoofed. For example, if you get a voicemail from your boss demanding an immediate payment to a supplier, verify it.