At the conference, global hackers unanimously agreed that facial recognition technology is the most unreliable method of identity authentication. After nearly a decade of advancements in AI technology, we now have almost perfect “magic” replacements for faces. It is clear that traditional visual facial recognition can no longer provide adequate security. Therefore, it is crucial for recognition systems to upgrade their algorithmic technology to identify and prevent deepfake content.
In terms of the risks associated with AI face swapping, there is not much that users can do apart from protecting their own biometric data. However, there are a few small suggestions that can be followed:
1) Use facial recognition apps with caution. When selecting facial recognition applications, users should choose those that have a good track record of security and privacy policies. Avoid using apps from unknown sources or those with questionable security, and regularly update the software to ensure the use of the latest security patches. In the past, many domestic loan companies’ apps violated users’ privacy by selling their facial data.
2) Understand multi-factor authentication (MFA). Single biometric authentication poses significant risks, so combining multiple authentication methods can significantly enhance security. MFA combines various verification methods such as fingerprints, iris scanning, voice recognition, and even DNA data. For recognition systems, this combination of authentication methods can provide an additional layer of security if one method is compromised. It is equally important for users to protect their privacy data in this regard.
3) Stay skeptical and beware of fraud. With the ability of AI to mimic faces and voices, it has become much easier to impersonate someone online. Users should be particularly cautious of requests involving sensitive information or fund transfers and adopt two-factor authentication by verifying the other party’s identity through phone calls or in-person confirmation. Maintain vigilance and do not easily trust urgent requests, and be able to identify common scams such as impersonating executives, acquaintances, customer service, etc. Nowadays, there are also many impersonations of celebrities, so caution is required when participating in certain projects and being aware of “fake platforms.”
OKX Web3 Wallet Security Team: Generally speaking, emerging virtual technologies bring new risks, which in turn lead to new research on defense techniques, and these research efforts will bring about new risk control products.
1) AI forgery risk. In the field of AI face swapping, there have been many AI face swapping detection products. The industry has proposed several methods to automatically detect fake videos, focusing on detecting unique elements (fingerprints) generated by the use of deepfake in digital content. Users can also identify AI face swapping through careful observation of facial features, edge processing, audio-visual synchronization, and other methods. In addition, Microsoft has launched a series of tools to educate users about deepfake recognition, allowing users to learn and enhance their own recognition abilities.
2) Data and privacy risks. The application of large models in various fields has also brought risks to users’ data and privacy. When using conversational robots, users should pay attention to the protection of personal privacy information and avoid directly inputting key information such as private keys, keys, and passwords. It is advisable to hide critical information through substitution, confusion, and other methods. For developers, GitHub provides a series of friendly checks. If there is a risk of privacy leakage, such as an OpenAI API key, the corresponding push will report an error.
3) Abuse of content generation. In users’ daily work, they may encounter many results of content generated by large models. Although this content is effective, its abuse can lead to false information and copyright issues. Now, there are also some products available to detect whether text content is generated by large models, which can reduce corresponding risks. In addition, developers should pay attention to the correctness and security of generated code. For sensitive or open-source code, thorough review and audits are necessary.
4) Daily attention and learning. When browsing short videos, long videos, and various articles in daily life, it is important to consciously judge and recognize possible AI forgeries or AI-generated content. Recognize common risks such as male or female voiceovers, pronunciation errors, and face-swapping videos in critical situations.
Q6: From a professional perspective, please share some physical device security recommendations.
OneKey Security Team: Based on the various risks mentioned earlier, we will summarize the protective measures from two perspectives: OKX Web3 APP and user levels.
1) OKX Web3 APP level
OKX Web3 Wallet employs various means to strengthen the app, including but not limited to algorithm obfuscation, logic obfuscation, code integrity detection, system library integrity detection, application tamper resistance, and environment security detection. These measures greatly reduce the probability of users being attacked by hackers while using the app and minimize the likelihood of the app being repackaged by malicious actors.
Furthermore, at the Web3 wallet data security level, we utilize state-of-the-art hardware security technology and chip-level encryption to encrypt sensitive data in the wallet. This encrypted data is bound to the device’s chip, making it impossible for anyone to decrypt the data if it is stolen.
2) User level
Regarding physical devices such as hardware wallets, personal computers, and mobile phones, we recommend that users enhance their security awareness in the following ways:
1) Hardware wallet: Use reputable brands of hardware wallets purchased from official channels and generate and store private keys in isolated environments. The medium used to store private keys should be fireproof, waterproof, and theft-proof. It is recommended to use fireproof and waterproof safes to store private keys or mnemonic phrases in different secure locations to enhance security.
2) Electronic devices: For smartphones and computers that have software wallets installed, it is advisable to choose brands with good security and privacy, such as Apple, and minimize the installation of unnecessary applications to maintain a clean system environment. Use Apple ID to manage multi-device backups to avoid single-device failures.
3) Daily use: Avoid performing sensitive wallet device operations in public places to prevent camera recording leaks. Regularly use reliable antivirus software to scan the device environment. Regularly check the reliability of the physical device storage location.
Finally, thank you for reading the 4th issue of the OKX Web3 Wallet “Security Special.” We are currently preparing for the 5th issue, which will include real case studies, risk identification, and practical security operations. Stay tuned!
Disclaimer: This article is for reference only and does not intend to provide (i) investment advice or recommendations; (ii) offers or solicitations to buy, sell, or hold digital assets; or (iii) financial, accounting, legal, or tax advice. Holding digital assets (including stablecoins and NFTs) involves high risks and may experience significant volatility or even become worthless. You should carefully consider whether trading or holding digital assets is suitable for your financial situation. Please take responsibility for understanding and complying with applicable local laws and regulations.