Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/13/2019
09:00 AM
Alex Wawro, Special to Dark Reading
Alex Wawro, Special to Dark Reading
News
50%
50%

Black Hat Q&A: Defending Against Cheaper, Accessible ‘Deepfake’ Tech

ZeroFox's Matt Price and Mike Price discuss their work researching cybersecurity responses to the rising tide of 'deepfake' videos.

The tools and techniques to create false videos via AI-driven image synthesis are getting easier to access every year, and few people know that better than ZeroFox’s Matt Price and Mike Price (not related). In an email interview with Black Hat's Alex Wawro, the pair of security experts shared their latest research, which will be presented at Black Hat USA in Las Vegas this summer.

Alex: Why are 'deepfakes' important?

Matt: For me personally, I think deepfakes are important because of their potential to change political discourse, and just public discourse in general. We've already seen evidence of this, not even with deepfakes, but with people splicing videos and slowing them down. I think deepfakes have a lot of potential to do some good, especially when you think about movies and special effects, but they also have a lot of potential to cause problems.

Mike: Long story short, here at ZeroFox we do a lot of work in terms of analyzing content for security-related issues. We started off as a social media security company, and when I arrived here four or five years ago, most of what we were doing was 'Hey, is there something bad in this tech? Or, is there something bad in this image.' So that brought us to the question -- what about video?

A couple years ago, when deepfakes appeared on the scene, our research team organically took interest in the topic and we started looking into how they're created, and how we can develop protections against them. I've been working with Matt to really round out not just the offensive parts but also the defensive part: how do you detect these things, and do something against them?

Alex: How good is deepfake tech right now, and how quickly do you think it will pose a significant threat to security systems?

Mike: The research that's been done by other folks, and the work that we've done in understanding what's going on out there suggests that the tools and the resources required to produce deepfakes are much lower-cost now. Previously, stuff like this didn't really exist outside of Hollywood studios where they needed to synthesize a person's image. But now you have these tools where, anybody can download an open-source package and produce a fake video clip pretty quickly. So the cost has been brought down a ton, the complexity has been brought down a ton, so that's really the main risk factors.

As far as quality goes, from what we've seen there's still a lot of work going on to really perfect this stuff; you have a lot of little hiccups with regards to, for example, getting a variety of different videos, jumping through all kinds of hoops to get the right kinds of source images, and so on. So there are still a lot of hurdles to producing deepfakes that are really dynamic, with many people in the video moving around and changing positions. You see mostly short clips of a single person looking forward; there are still some limitations to what's easily accomplished with this tech.

But there's a lot of work going on. The tooling seems to be getting better and better, and people are doing a lot of exploration of different algorithms that may be able to produce better results with less input. So that's where things stand today. And as far as people using it for nefarious purposes, mostly we're seeing lots of proof-of-concept videos out there. Nicolas Cage is the guinea pig for a lot of the work being done, and then you see some political examples -- like the Obama video.

Alex: Why did you feel it was important to give this talk at Black Hat, and what do you hope attendees will get out of it?

Mike: A lot of people have asked about this subject; I know that in the federal space there are a lot of people thinking about whether this will be an issue in the future. So there's lots of questions in the air about what deepfake technology is, how it works, how real it can be, that sort of thing. We want to explain all that, and then walk you through what your options are for detecting deepfakes and doing something about it.

Matt: To piggyback off that, I'm mainly interested in the detection side, and I think this talk is important because I've seen some quite sensationalist headlines saying there is no solution to deepfakes, which isn't true. There are detection methods out there right now to detect deepfakes; DARPA's actually heavily investing in this area as well. So that's kind of the point, for me. We can detect deepfakes. There are tools to do it; this is just a security problem like any other.

Alex: What are you hoping to get out of Black Hat this year?

Matt: I'm really interested in some of the developments in neural networks and their applications to cybersecurity problems. My role at ZeroFox is mainly to run our data science program, so I'm always interested in the newest and latest tech on that front, and neural networks seems to be one of the hot topics for solving problems that traditionally we've had issues solving.

For more information about the ZeroFox Deepfake Briefing and many more check out the Black Hat USA Briefings page, which is regularly updated with new content as we get closer to the event. Black Hat USA returns to the Mandalay Bay in Las Vegas August 3-8, 2019. For more information on what’s happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...