Real-Time AI-Generated Deepfakes are here: An Imminent Threat for Virtual Meetings
SAFAS

SAFAS

September 23, 2024

Real-Time AI-Generated Deepfakes are here: An Imminent Threat for Virtual Meetings

In recent years, AI-generated content has evolved to the point where deepfake technology has materialized from theory to a major threat in virtual meetings. Key advancements in AI-generated content have fueled this rise in impersonation attempts, particularly in the professional world, where sensitive communications often occur over desktop-based video calls. Unfortunately, these same advancements have enabled cybercriminals to bypass traditional security measures with alarming ease: Whether it’s a fraudster impersonating an executive to defraud a subordinate for financial gain, or simulating an employee to access sensitive company information, the applications of this technology are are diverse. Financial fraud and data breaches are some of the more dangerous consequences, with bad actors able to trick their targets using lifelike simulations of real people.

Identity Verification: A Partial Solution

The B2B world’s most common proposal to tackle this growing problem is to embed more biometric identity verification (IDV). Technology such as Apple’s Face ID leverages machine learning and facial biometrics to verify the iPhone user’s facial biometrics before admitting access to the phone or processing a purchase. This approach relies on sophisticated algorithms that can match a person’s facial features to an image stored in a secure system.

And IDV technology is indeed highly effective for use cases that are deeply integrated with access to hardware itself, which is why most IDV will involve a mobile-based application such as when boarding your flight at the airport using your phone, or when using your mobile banking app. That is why fraudsters have shifted focus to the business world where the most vulnerable scenario is the most common: Holding virtual meetings via desktop- and browser-based video conferencing. In these scenarios, IDV cannot distinguish between a legitimate webcam feed and a virtual camera feed that is injecting pre-recorded video of the real person, undermining its effectiveness in these scenarios.

As most identity verification systems are optimized for mobile devices, platforms like Zoom or Google Meet—which are primarily used on desktops—remain vulnerable to these kinds of attacks. This has turned desktop-based virtual meetings into a primary target for attackers seeking to exploit the gap between mobile and desktop security measures.

Unresolved Gaps: The Problem with Virtual Camera Injection

By focusing on mobile-first solutions, companies are overlooking the inherent weaknesses of desktop environments. This oversight creates a dangerous blind spot that attackers can easily exploit: Desktop-based video conferencing platforms is video injection via a virtual camera. On commonly used B2B videoconferencing tools such as Zoom, Google Meet, and WebEx, free tools like OBS can be used to create a virtual camera that feeds any content in real time, pre-recorded or live-generated. The virtual camera is then chosen by the fraudster to replace their live webcam feed with the alternative content, which includes pre-recorded video or even real-time deepfakes, making it difficult for meeting participants to discern whether they are speaking to a real person or an AI-generated doppelgaenger.

These vulnerabilities highlight the need for stronger verification methods within browser-based and desktop videoconferencing environments. Unfortunately, neither IDV nor videoconferencing apps like Zoom or Microsoft Teams are equipped to detect the use of virtual cameras in their browser-based meetings, and there is no way to understand whether a participant is joining from a browser or from the web application. The fact that a fraudster would target and exploit this well-known vulnerability effectively compromises the integrity of all business meetings, as proven with documented attacks of deepfake-impersonations in meetings that have caused millions of dollars in losses.

The Future of Secure Videoconferencing: Certified Hardware Streams

To address these vulnerabilities, the team at Safas came up with an unconventional solution: certified hardware streams. This technology guarantees the integrity of video feeds by ensuring that the content captured by the camera is exactly what is displayed during the video conference. By securing the video stream at the hardware level, it becomes impossible for attackers to swap out real-time footage with pre-recorded video or deepfakes through virtual camera injection.

This approach ensures that only authenticated, unmanipulated content is streamed during meetings, providing peace of mind to organizations concerned about the security of their virtual communications.

Conclusion: Securing the Future of Videoconferencing

As AI-generated content and deepfake technology continue to evolve, businesses must adapt to secure their everyday virtual communications at the root: By ensuring the integrity of hardware-streams, organizations can fortify the security of all their videoconferencing interactions. Certified authentic camera feeds are foundational for preventing real-time deepfakes and ensuring that what you see is what the camera captured, even on typically vulnerable desktop and web applications. Safas is still in closed stealth beta stage. Join the waitlist now to receive updates on when Safas becomes available, and be among the first to be contacted.