AI-based deepfakes to undermine face biometrics: Gartner


By Dylan Bushell-Embling
Tuesday, 06 February, 2024

AI-based deepfakes to undermine face biometrics: Gartner

The rise of generative AI will threaten the integrity of face biometrics, research firm Gartner has predicted.

The research firm believes that by 2026, attacks using AI-generated deepfakes on face biometrics will result in 30% of enterprises no longer considering the identity authentication solution to be reliable in isolation.

As a result, Gartner is recommending that CISOs and risk management leaders choose identity vendors that can demonstrate that they have the capabilities and a plan that goes beyond current standards and are monitoring, classifying and quantifying the emerging class of deepfake attacks.

Gartner VP Analyst Akif Khan said presentation attacks, involving a threat actor using someone else’s physical characteristics to impersonate a legitimate user, are the most common attack vector. But injection attacks, involving bypassing the charged-coupled device of a camera to inject pre-recorded content, increased by 200% in 2023.

“In the past decade, several inflection points in the field of AI have occurred that allow for the creation of synthetic images. These artificially generated images of real people’s faces, known as deepfakes, can be used by malicious actors to undermine biometric authentication or render it inefficient,” Khan said. “As a result, organisations may begin to question the reliability of identity verification and authentication solutions, as they will not be able to tell whether the face of the person being verified is a live person or a deepfake.”

Preventing such attacks will rely on a combination of presentation attack detection, injection attack detection and image inspection, Khan said.

Organisations should start defining a minimum baseline of controls by working with vendors that have specifically invested in mitigating the latest deepfake-based threats using IAD coupled with image inspection,” he said.

Once a baseline is set, CISOs and risk management leaders will need to include additional risk and recognition signals such as device identification and behavioural analytics, Gartner warned.

Image credit: iStock.com/wildpixel

Related News

China-linked attackers exploiting trusted relationships

A new report from CrowdStrike finds that China-nexus adversaries are increasingly exploiting...

82% of unis at high risk of email phishing: Proofpoint

Analysis from Proofpoint found that only 18% of Australian universities have implemented the...

Tesserent Academy secures ISACA training accreditation

Tesserent Academy and ALC Training have been classified as accredited cybersecurity training...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd