Cryptographic authentication critical to fight deepfake & ID fraud (Guest blog by Armour Comms)
The first few weeks of a new prime minister has shown the importance of getting communications right, be that the message, the media or the timing. In business, the speed that negatively received messages can go viral has been supercharged by social media. Now think of the potential issues if those communications could be hacked, tampered with, or faked.
The rise of deepfake technologies capable of manipulating video and audio into totally believable corporate communications means it is increasingly critical to know that you are communicating with the person you think you are.
Deepfake fraud is here, now
There are an increasing number of real-world examples of ID fraud and deepfake scams. Over three years ago the Head of a UK subsidiary was tricked into transferring €200,000 to a Hungarian supplier on the instructions of the CEO of the German parent company. In reality, the conversation took place with an artificial intelligence (AI) equipped criminal gang using deepfake software to mimic the German Chief Executive’s voice patterns.
The software was able to perfectly impersonate the voice, including tone, punctuation and German accent, completely fooling the head of the UK subsidiary. The call was also accompanied by an email, supposedly from the CEO reiterating the payment instructions.
It’s no longer enough for organisations to protect sensitive corporate information and intellectual property, such as pricing, product formulas, research, customer lists, etc. It is vital that identities are also safeguarded and remain trustworthy.
Can you really trust video and audio?
Although we have seen deepfakes imitate celebrities and public figures in video format, it’s an endeavour that still takes hours of footage to achieve. Being able to fake voices convincingly takes fewer recordings to produce and with greater computing power will become easier to create. It begs the question can voice recognition be relied on as an accurate form of identity verification?
In the future, deepfake audio fraud is likely to be highly exploited in criminal activity. As the technology continues to evolve, it will become increasingly difficult to distinguish real audio from fake. If you want to ensure authentication of identity you need to use a seriously secure mobile comms service.
Help is out there
Solutions such as Armour Mobile use MIKEY-SAKKE identity-based encryption to secure multimedia services. This enables secure voice and video calls, voice and video conference calls, one-to-one and group messaging, and sending file attachments. The solution ensures that the parties exchanging calls and data are who they claim to be (hence the term “identity-based”).
The MIKEY-SAKKE protocol uses identity-based cryptography and is designed to enable secure, cross-platform communications by identifying and authenticating the end points. It is an efficient, effective and NCSC-accredited protocol for building a wide range of secure multimedia services for government and enterprises.
Get prepared… now
Deepfake scams may well have arrived but there are proven tools to identify the real from the fake. These help prevent fraudulent activity by enabling secure collaboration between trusted colleagues. Communications can be conducted within a closed user group and only trusted parties added to the system can call and message others. So, when discussing commercially sensitive information such as corporate intellectual property, financial transactions, and customer details, you need to know you can trust your communications.
Prepare your organisation now. The fakes will only become better as AI advances. If trust evaporates, business will become untenable.
For more information about MIKEY-SAKKE visit: https://www.ncsc.gov.uk/articles/using-mikey-sakke-building-secure-multimedia-services or: https://www.armourcomms.com/
Help to shape and govern the work of techUK’s Cyber Security Programme
Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.
*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.
Upcoming events
Get involved
All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.