Alexander Gorshkov, Director of Business Development at IRIS DEVICES
Today, breakthroughs in AI are usually associated with the rapid development of neural network models toward large language models (LLMs) for text and multimodal GenAI systems capable of working with multimedia data. How does this development affect the evolution of biometric products, solutions, and services?
About the mythical dangers of GenAI for biometrics
The most significant impact on the development of biometric products will come from improvements in machine vision systems, image recognition algorithms, object detection in images, and the generation of photo and video imagery. However, the hype in society does not reflect real achievements in this area and at times even breeds myths that have nothing to do with reality.
Unfortunately, the belief has taken hold in the public consciousness that generated images can be used to train and test biometric identification solutions. Such an approach may be justified for load testing, but for training biometric neural network algorithms it can lead to unpredictable results. The likely problem, illustrated by the toy example below, is this: by training the system on generated data that carries subtle distortions, you can get the opposite effect, degraded identification accuracy, when the system works with real data.
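Here is a toy numerical sketch of that effect (my own illustration, not from the article; the two-cluster setup and the shift value are invented). Two "identities" are modeled as Gaussian clusters, and the "synthetic" training set carries a small generator bias that pulls the classes toward each other:

```python
# Toy illustration: a classifier trained on subtly distorted "synthetic" data
# scores worse on real data than one trained on real data.
import numpy as np
from sklearn.linear_model import LogisticRegression

rng = np.random.default_rng(0)

def make_samples(n, shift=0.0):
    # Two "identities" as 2-D Gaussian clusters; `shift` models a subtle
    # generator bias that pulls the synthetic classes toward each other.
    a = rng.normal(loc=[0.0 + shift, 0.0], scale=1.0, size=(n, 2))
    b = rng.normal(loc=[3.0 - shift, 3.0], scale=1.0, size=(n, 2))
    return np.vstack([a, b]), np.array([0] * n + [1] * n)

X_real, y_real = make_samples(2000)               # "real" biometric data
X_synth, y_synth = make_samples(2000, shift=1.2)  # generated data, distorted

model_real = LogisticRegression().fit(X_real, y_real)
model_synth = LogisticRegression().fit(X_synth, y_synth)

X_test, y_test = make_samples(2000)               # fresh real data
print("trained on real data:     ", model_real.score(X_test, y_test))
print("trained on synthetic data:", model_synth.score(X_test, y_test))
```

The synthetic-trained model learns a decision boundary that is optimal for the distorted distribution, not the real one, which is exactly the failure mode described above.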
Another example is the synthesis of speech in different languages, which is being declared a major new threat to biometric identification solutions. The danger, however, lies not in multilingual speech generation algorithms but in the basic capability of voice generation itself. Scammers usually work a well-defined target audience, and multilingual speech generation is simply not required for that: an attack using a generated voice typically targets a specific country, region, or group of people. And for financial institutions, voice attacks can well be minimized.
The main problem with voice identification for banks is that they may use only context-dependent biometrics: they cannot identify every caller to the contact center without consent. After the caller is initially identified by phone number and asked to confirm their first name and patronymic, it becomes clear whether the client has consented to biometric identification. If such consent has been given, the client is asked to name the code word; banks already carry out this procedure today. At that point, context-dependent biometric identification can be performed on the keyword or even on an entire phrase, as sketched below. And here again, multilingual speech generators are of no use.
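A minimal sketch of that flow, assuming a hypothetical in-memory CRM and a stubbed voice matcher (the names, data, and logic are mine, not any bank's real API):

```python
# Sketch of the contact-center flow: phone-number lookup -> consent check ->
# code word -> text-dependent voice match on the same utterance.
from dataclasses import dataclass

@dataclass
class Client:
    name: str
    consented: bool          # consent to biometric identification
    code_word: str
    voiceprint: str | None   # enrolled text-dependent voice template (stubbed)

CRM = {
    "+7-900-000-00-01": Client("Ivan Ivanov", True, "snowdrop", "vp-001"),
    "+7-900-000-00-02": Client("Petr Petrov", False, "maple", None),
}

def match_voiceprint(template: str, utterance: str) -> bool:
    # Stub: a real system scores the code-word audio against the template.
    return utterance.startswith(template)

def identify_caller(phone: str, spoken_word: str, utterance: str) -> str:
    client = CRM.get(phone)
    if client is None:
        return "unknown number: manual verification"
    if not client.consented:
        return "no biometric consent: code word check only"
    if spoken_word != client.code_word:
        return "code word mismatch: reject"
    if match_voiceprint(client.voiceprint, utterance):
        return "identified: code word and voice both match"
    return "voice mismatch: escalate to operator"

print(identify_caller("+7-900-000-00-01", "snowdrop", "vp-001-audio"))
```

The point of the design is that the biometric check is bound to a specific expected phrase, so an attacker would need a synthetic voice that both sounds like the client and says the right secret, and the language of the exchange is fixed by the script.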
Of course, impressive accounts of targeted APT attacks using generated fake images, voices, and videos get the most publicity in the media. To protect against deepfake attacks, you first need to understand what, or whom, you are protecting against. If we are discussing the transfer of large sums after telephone or video calls, as in the widely replicated story of millions of dollars stolen from a Hong Kong company through a series of video sessions with generated characters, then protection comes from compliance with well-designed internal regulations: for example, transfers above a certain amount are executed only on a written order, perhaps signed by several employees or managers. Deception and fraud cannot be completely excluded even then, but such schemes can be carried out without any deepfakes at all.
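As an illustration of such a regulation, here is a toy policy check (the threshold, roles, and field names are invented, not taken from any real system). The key property is that the channel of the request, deepfaked or not, never authorizes a large transfer by itself:

```python
# Toy policy gate: large transfers require a written order with at least two
# distinct approvers; a call or video call alone is never sufficient.
from dataclasses import dataclass, field

LARGE_TRANSFER_THRESHOLD = 100_000  # assumed currency units

@dataclass
class TransferRequest:
    amount: int
    initiated_via: str                         # "call", "video_call", "written_order"
    written_approvals: list[str] = field(default_factory=list)

def authorize(req: TransferRequest) -> bool:
    if req.amount < LARGE_TRANSFER_THRESHOLD:
        return True
    # Above the threshold, how convincing the call was is irrelevant:
    # only a written order with two distinct approvers passes.
    return (req.initiated_via == "written_order"
            and len(set(req.written_approvals)) >= 2)

print(authorize(TransferRequest(5_000_000, "video_call")))                      # False
print(authorize(TransferRequest(5_000_000, "written_order", ["CFO", "CEO"])))   # True
```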
The situation with video evidence is similar. No court will accept a random video as evidence: the origin of the recording must be proved, and an author or witness must be found to confirm that it was made at exactly the place and time the applicant claims.
Another point is usually overlooked: for some reason, biometrics and the risks of using it are associated exclusively with the face and voice. This is probably because the use of these two modalities is regulated by law. Yet there are other biometric traits that are much harder to fake, such as the iris of the eye or the vein pattern of the palm. So far, no cases are known of deepfakes deceiving multimodal or multispectral biometric identification algorithms. Clearly, as the biometrics industry evolves, new identification methods will appear, for example, based on the acoustics of the ear canal or the frequency response of the skin.
At the same time, it should be understood that in the absence of direct global confrontation, the myth of the invincibility of Western, American, or Chinese LLM technologies and multimodal models persists. And for this myth to remain intact, each country runs its own tests and demonstrations. Such competitions, however, do not reflect the real state of affairs, since algorithms of different generations often take part in them. The most reliable information is probably held only by the intelligence services, and they will not share it…
… And about real methods of protection
Today, the greatest danger is not the generation of fake videos but the creation of fake documents using artificial intelligence algorithms: specifically, replacing the photo in a forged document with a specially generated one that simultaneously resembles both the document holder and the fraudster (what the industry calls a face-morphing attack). However, there is a fairly simple and effective biometric protection against such fraud.
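The article does not spell the protection out, but one plausible scheme, offered here as my assumption rather than the author's stated method, is to require the live face to match a trusted enrollment reference in addition to the document photo: a morphed photo sits "between" two faces and can pass the first comparison, but the fraudster's live face fails against the independent reference. A sketch with invented similarity scores:

```python
# Hedged sketch (my assumption, not the author's stated method): compare the
# live face against BOTH the document photo and a trusted registry photo.
# similarity() stands in for a real face-recognition matcher.

def similarity(face_a: str, face_b: str) -> float:
    # Stub with invented scores; a real matcher returns a model-derived score.
    SCORES = {
        ("live_fraudster", "morphed_doc_photo"): 0.81,  # morph matches fraudster...
        ("live_fraudster", "registry_photo"): 0.32,     # ...but not the real holder
        ("live_holder", "morphed_doc_photo"): 0.79,
        ("live_holder", "registry_photo"): 0.95,
    }
    return SCORES.get((face_a, face_b), 0.0)

THRESHOLD = 0.7

def verify(live_face: str) -> bool:
    doc_ok = similarity(live_face, "morphed_doc_photo") >= THRESHOLD
    registry_ok = similarity(live_face, "registry_photo") >= THRESHOLD
    return doc_ok and registry_ok  # the morph passes the first check, not the second

print(verify("live_fraudster"))  # False: the registry comparison exposes the morph
print(verify("live_holder"))     # True
```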
Thus, to the question of whether companies urgently need to add deepfake risks to their list of mandatory information security measures, there is an unambiguous answer: companies always have regulations and scripts for verifying a person's identity, and security ultimately depends on how well those scripts are written and followed. For example, when someone contacts me from a hacked WhatsApp account asking to urgently transfer money to a friend, I ask why this person did not turn to his brother, knowing that my friend has a brother. Then I ask why he did not turn to his sister, though my friend has no sister… Scripts can be made more elaborate with specific names and details, for example: “Your brother from Vladimir can pass the money to you; I recently repaid a debt to him.” There is another simple defense against this type of fraud, and I use it myself: I immediately reply that I have already transferred the money, and to the puzzled question of how, when no card details have been given yet, I answer, “by phone number.” The scammer disappears at once.
A separate topic, often discussed in the blogosphere, is how easy political deepfakes are to create and how hard they are to detect. Regarding these “horror stories”, on the one hand, one should remember the saying “every gopher is an agronomist”: every blogger considers himself an expert, and millions of subscribers listen to them and believe whatever nonsense such bloggers spread. On the other hand, there are official information channels that are responsible for the reliability of the information they disseminate. If these channels are hacked and false information is spread through them, no deepfake-detection methods will help; in that case, the first priority is to protect the channels themselves.
And this is a genuinely serious challenge. In fact, there are no technological barriers today to creating high-quality real-time deepfakes: a deepfake is made as well as the customer is willing to pay for. If it is a joke, minor flaws will bother no one; if it is a targeted attack, a victim who is prepared to believe anything will be taken in even by a mediocre fake. If people believe “police officers” speaking with an obvious foreign accent, why would they not believe a hastily made deepfake?
So what kind of future should we prepare for?
In military affairs and in information security there is the concept of layered defense. Only an integrated approach will ensure effective protection of critical infrastructure, confidential information, personal data, and finances, and it is on this basis that both physical and information security should be built.