Blockchain solves a lot of problems in the world, but a former Coinbase CTO may now regret suggesting it’s the answer to deepfake audio attacks.
A fortnight ago one of the world’s first AI-powered deepfake heists came to public attention.
Hackers used synthetic audio to imitate a chief executive’s voice and tricked his subordinate into transferring a quarter of a million dollars into a secret account.
“The software was able to imitate the voice, and not only the voice: the tonality, the punctuation, the German accent,” a spokesperson for the company’s insurer, Euler Hermes told The Washington Post.
Not the first deepfake attack
Hermes said they were aware of three other cases of voice fraud using deepfake AI technology and Symantec told the Washington Post.
The attack shows just how unprepared we are to combat deepfake audio and video attacks.
Provided any of them actually were deepfake attacks of course, and not just a talented impressionist bunging on an accent in a social engineering attack.
— Tal Be'ery (@TalBeerySec) September 8, 2019
If not now, then soon anyway
Deepfake audio and video are now so advanced they can be undetectable by humans in many cases – though experts suggest unnaturally blinking eyes are a giveaway at present.
That’s why Facebook has just partnered with a range of heavyweights from MIT, Oxford, Berkley, and Microsoft on new AI technology to detect deepfake videos before they cause serious damage.
Facebook’s automatic detection couldn’t even identify user doctored videos of the Christchurch attack and pull them down.
Imagine the damage that could occur if a deepfake video of Trump saying he’s about to bomb China goes viral?
It’s really interesting techy stuff, so it’s no wonder it sparked an animated discussion.
Former CTO of Coinbase suggests ‘blockchain phone’
In a Twitter thread Balaji Srinivasan, the former CTO of Coinbase and general partner at Andreessen Horowitz, suggested implementing a verification system using a “blockchain phone” that uses your wallet to “provide a new kind of caller ID” via your “digital signature”.
With deepfake audio, a call itself can be realistically faked in the voice of the CEO.
Long term, this could mean blockchain phones where your crypto wallet is used to provide a new kind of caller ID via digital signature.
2FA for phone calls: your voice and your signature? https://t.co/MzEFYDETVo
— Balaji S. Srinivasan (@balajis) September 8, 2019
“We’re in the early stages of a vast and sweeping untrusting of society, like a mass certificate revocation. I think crypto is key to how we restore trust in society, though it will take decades,” he added in a second tweet.
After attracting some criticism with his comments, Srinivasan explained the idea further:
“Crypto solves the long-standing PKI (Public Key Infrastructure) problem by giving people a literal financial incentive to keep their private keys both secure and available at all times.”
Doesn’t sound like a terrible idea
On the face of it, it doesn’t sound like a bad idea. And, to be fair, some users were on board.
Twitter user Dylan said: “Blockchains also provide the ingredient that decentralized identity systems based on PKI were missing: a decentralized and tamper-resistant directory.”
Another user, Steven Buss, wrote: “This is a great idea …. Defending against deepfakes requires a culture shift: we will have to start defaulting to “I don’t believe this unless I see proof,” and that’s going to come from young people first.”
Daniel Ƀ, another proponent, said the idea was articulated poorly but “there’s something to it: you’d have a Decentralized Identifier that’s linked to a key in the TPM element on your phone, providing you the option to sign transmissions with it so people can have more assurance images, video, or audio came from you.”
But some people thought it was a terrible idea
Other Twitter users thought it was a terrible idea and didn’t hold back.
User Shinobi[#Toxic] lived up to his name: “What the f— is a blockchain phone? That is complete and utter buzzword gibberish … Just use cryptography … You do not need a “blockchain” for cryptographic authentication.”
Matt Heller added: “A phone call is just a stream of 0s/1s transformed into sound. Can be encrypted and access protected (PW, fingerprint etc) like any other data stream.”
Paywithcurl founder Mike Kelly said: “Please stop misrepresenting problems that are solved by public key crypto as use cases for blockchain. It makes the world dumber.”
Other people pointed out the problem may be solved already and that if the two participants had used an encrypted messaging app like Signal, Telegram, WhatsApp etc, then number spoofing wouldn’t work.
Evan Kaloudis called it: “Buzzword bs. Secure messengers that inform you when the other party”s keys have changed solve this problem and are already here.”
Doesn’t actually need a tech solution in this case
Of course, the problem in the case in question didn’t require a technological solution at all.
It could have been prevented with some training in social engineering attacks and implementing formal procedures around how and when employees are allowed to transfer large sums of money.
Regardless of whether a Blockchain phone could help prevent this attack, there’s a lot of agreement that blockchain can help combat deepfake videos. We’ll be covering that real soon.