What Hany Farid knows about defending against deepfakes

As deepfakes become more sophisticated, defenders need to keep up—an increasingly hard job, according to one expert.

The need to defend against deepfakes is critical, said Hany Farid, chief science officer and co-founder of GetReal Security and professor at UC Berkeley. Widely recognized as an expert in detecting deepfakes, he has witnessed video and audio fakery become increasingly sophisticated in recent years.

In a follow-up email to IT Brew, Farid said that many defenders are doing “nothing” and are “either blind to this new threat” of deepfakes, or “willfully blind.”

“Our entire sense of reality is on shaky ground,” Farid wrote. “So much of our day-to-day personal and professional lives is carried out on a flat screen, 18 inches from our face. We are not fully prepared for what happens when we simply can’t believe anything we see on these screens.”

How can IT professionals defend against the threat that’s right in front of their eyes?

Detection. Farid said he started thinking about media, photo, and video forensics “in the early days” of the early 2000s.

“I felt like we had a handle on the problem, and then we started hearing about deepfakes in 2016, 2017, and then generative AI really [started] becoming something around 2020, 2021, now you could really see something,” Farid said. “I was getting overwhelmed, and I would say that the reason I started this company, it was very selfish. It was like, ‘I can’t do this all by myself anymore. I can’t. The problem had gotten too big.’”

He emphasized that there are some days where he wants to give up, and others where his work is “invigorating.”

“Here’s what I know: [attackers] are not resting, they’re not stopping,” Farid said. “What I tell my students is, you’re gonna get knocked down and you’re going to have losses, you have two options: You can go sit in the fetal position in your bed, or you can brush yourself off and live to fight another day. I think that’s not just for the work we do, I think that’s just life in general.”

Reality. GetReal defends against deepfake attempts by separating a clips’ audio and video streams and testing if both are affected by the environment. When listening to an AI-generated voice, for example, it sounds “fine,” but it doesn’t have the same variations of a voice impacted by movement, surfaces, outside noises, and other factors.

“What we do is we generate lots and lots of AI-generated voices, we record lots of human voices, and we find patterns that distinguish in them,” Farid said. “And those patterns, what we do is we target the physical process of recording voices. So that essentially what we’re doing is we’re asking: Is this a person in a physical, three-dimensional space talking?”

Video presents a similar situation, Farid said.

For a classic deepfake video, such as a face swap (i.e., when someone’s face is replaced by another’s), the technology must mask any movement in the covered area. That introduces a “warping” artifact, which Farid said is plainly laid out in open-source libraries that actors use to create face-swap deepfakes.

“This is the most important part, there’s no silver bullet,” Farid said. “We do lots of different things, and each of them have strengths and weaknesses. Sometimes they do well here, sometimes they don’t.”

The average person crafting deepfakes, Farid said, is using off-the-shelf technology, which makes it easier for defenders like GetReal to detect. Even as some cases become easier to detect, however, others are growing more sophisticated.

Advice for defenders. When it comes to defending against deepfakes, Farid pointed to identifying the most likely attack techniques.

“We’ve all done these security trainings, which seem really silly, but the fact is, knowledge is power here,” Farid said. “If you know how your adversary operates, how they’re going to try to attack you, that’s not just about deepfakes, it’s everything.”

For virtual interviews and maintaining remote workspaces—two areas that have seen a proliferation of deepfake-powered attacks—organizations should rely on techniques during the employee onboarding process like identity and deepfake verification. That can help ensure that only authentic people pass a first interview.

For example, Farid said, organizations in the financial sector face the threat of account takeovers via attackers using deepfakes. Cyber-defenders at those organizations should consider moving away from just voice and face biometrics alone for verifying identity, and move to a posture of identity verification plus deepfake detection. (Other industry leaders have suggested that professionals get in the habit of asking participants on video calls for liveness checks in real time, such as showing their phone screen to the camera to verify the time and date.)

“We are seeing individuals, enterprises, governments being hit with deepfake power, generative AI-powered attacks,” Farid said. “If you think about the last 20 years, we thought about privacy, we didn’t think, ‘Oh, my voice and likeness will be out there, people will take it and be able to mimic me.’ Nobody saw that coming…We are seeing this real assault.”