Deepfakes can effectively fool facial recognition services, study suggests
Deepfakes are slipping into the mainstream. If you’re still unaware of what deepfakes actually are, let me fill you in: deepfakes can be thought of as videos generated by Artificial Intelligence (AI), taking a person in an existing video and replacing them with someone else. If you haven’t stumbled across deepfake technology on your daily social media binge yet, chances are that you will soon. It was only recently when the deepfake footage of Tom Cruise—posted to an unverified TikTok account—racked up a whopping 11 million views on the app. According to Deeptrace, an AI tech startup, the number of deepfakes on the internet has increased by 330 per cent from October 2019 to June 2020—reaching over 50,000 at their peak, creepy right?
Now, let’s be clear, not all deepfakes are used with malicious intent. In fact, they’ve been used quite humorously in the past—cue Nick Cage deepfake compilation—but as with all things, if the technology is placed in the wrong hands, it can have a detrimental impact on the lives of innocent people. Deepfakes have already been used to generate pornographic material of actors—leading to a spike in non-consensual deepfake porn over the recent years. Cybercriminals have even used deepfake software to impersonate the CEO of a UK-based energy firm, demanding a fraudulent transfer of $ 243,000.
And if that wasn’t enough, scientists are now warning deepfake technology to have hit a new, somewhat terrifying, milestone: effectively fooling commercial facial recognition services.
The deeply-fake deepfake effect
A paper, published by researchers over at Sungkyunkwan University, Suwon, South Korea, showed that both Amazon and Microsoft Application Programming Interfaces (APIs) can be fooled with commonly used deepfake-generating methods. The researchers used AI models trained on five different datasets—three publically available and two that they created themselves—containing the faces of Hollywood movie stars, singers, athletes, and politicians. They created 8,119 deepfakes from the datasets in total. From each deepfake video, they extracted multiple faceshots and submitted them to the APIs in question. Microsoft’s Azure Cognitive Services was fooled 78 per cent of the time, whereas Amazon’s API was fooled 68 per cent of the time.
“From experiments, we find that some deepfake generation methods are of greater threat to recognition systems than others and that each system reacts to deepfake impersonation attacks differently,” the researchers at Sungkyunkwan University wrote.
They continued, “We believe our research findings can shed light on better designing robust web-based APIs, as well as appropriate defence mechanisms, which are urgently needed to fight against malicious use of deepfakes.”
“Assuming the underlying face recognition API cannot distinguish the deepfake impersonator from the genuine user, it can cause many privacy, security, and repudiation risks, as well as numerous fraud cases,” the researchers warn. “Voice and video deepfake technologies can be combined to create multimodal deepfakes and used to carry out more powerful and realistic phishing attacks … [And] if the commercial APIs fail to filter the deepfakes on social media, it will allow the propagation of false information and harm innocent individuals.”
So… what next?
As the researchers have warned, it’s clear that the rapidly evolving nature of deepfake technology could pose a significant risk in terms of privacy and security. The issue has caused what could be thought of as a technological ‘arms race’—between deepfake developers with ill intent and deepfake detectors—attempting to rid fraudulent deepfakes from the web. Microsoft has recently launched its own deepfake combating solution, a tool that can analyse a still photo or video to provide a score of its level of confidence that the media hasn’t been artificially manipulated.
Deepfake detectors work in a similar way to the way deepfakes do, making use of machine learning models in order to detect the videos. However, deepfakes have also found a way to fool detectors, including adversarial examples in every frame to confuse the AI system. It’s been reported that deepfake attacks of this nature have an impressive success rate from 78 to 99 per cent.
The future is still unknown: it’s difficult to predict the future of the tech industry in general—let alone a technology that has only really surfaced within the last five years or so. Some forecast a dystopian future in which deepfakes will evolve to a point where you can’t trust any footage online. Others take a more optimistic approach, comparing deepfakes to animation—suggesting that it could bring a new wave of content production. However, as facial recognition continues to become more embedded in our own lives, from unlocking your phone to more stringent security measures, it’s clear that measures need to be taken in order to stop cybercriminals from misusing the technology for their own purposes.
