Hackers crack smartphone and bank security with deepfakes

Plundering bank account with deepfake

Biometric identification has been a familiar concept in the smartphone industry and the financial world for years. In it, a fingerprint, iris scan or facial profile protects your cell phone and your bank account from unauthorized access. In the early days, there were some teething problems -for example, it was initially possible to unlock a device with a passport photo- but over the years, solutions have been devised to these imperfections.

With the rapid development of algorithms and artificial intelligence, hackers have come up with a new trick to target victims. By installing a malicious program on your smartphone, they gain access to your login credentials, fingerprint and facial profile. Once criminals get their hands on this information, they can use artificial intelligence to create a fake image of a person's face relatively easily. This is also known as a deepfake. They then use this fake video of someone's face to gain access to his or her bank account.

According to The Telegraph, it is a new method of hacking that surprises even experts. Lawyer and researcher Ot van Daalen says he has not seen this method of hacking before. At the same time, he did see it coming. "The technology to copy faces and thus create deepfakes is developing all the time. Banks are still using facial recognition as a way to identify people. For criminals it is becoming increasingly attractive to plunder bank accounts this way."

'You can't do anything about it'

Most of the victims of this new hacking method are currently in Asia. But according to Van Daalen, it is a matter of time before it starts causing problems in our country as well. Now hackers first have to infect a cell phone with a rogue app, which is mostly done through phishing. Possibly in the future that will no longer be necessary and attackers will have enough with a profile picture or video they take from social media.

"There's nothing you can do about it," Van Daalen warns. "Pictures of your face are all over the Internet, on the street you walk past cameras and they film you. That data can also be stolen. It's impossible to get around that."

ING takes 'visible and invisible' measures

The lawyer and researcher believes that the responsibility of keeping your bank account safe lies with banks. They should find ways to protect their customers' accounts from deepfakes.

One of the banks aware of the dangers of deepfakes is ING. The bank confirms to De Telegraaf that it is taking various "visible and invisible" measures to ensure that customers can bank online safely. However, customers also have their own responsibility. "We also always warn our customers not to click on links that might allow you to download malware," a spokesman said.

ING sees that the way criminals operate is constantly changing and becoming more inventive. "AI is an important development that is already widely used in the world around us. We take this type of technology very seriously and are monitoring developments in this area to determine how we take this into account in our services," the bank said in a comment.

Here's what you can do as a consumer to protect yourself

As a consumer, there are a number of ways you can guard against this new hacker trick. To prevent hackers from installing rogue apps on your smartphone, it is wise to download applications only through the Google Play Store or App Store. Sideloading -installing apps outside Google and Apple's official app stores- increases the risk that you will bring in malicious software. In addition, don't just click on links in messages: before you know it, you'll be installing malware on your smartphone that way.

Finally, it is advisable to think critically about who has access to your social media, and what photos you do and do not post on your socials. The more images you put of yourself online, the easier you make it for criminals to abuse your face.