Security Team: At the 2015 BlackHat conference, global hackers unanimously agreed that facial recognition technology is the most unreliable method of identity authentication. Nearly a decade later, with advancements in AI technology, we now have near-perfect “magic” that can replace human faces. It is clear that ordinary visual facial recognition can no longer provide security guarantees. Therefore, it is more important for identification parties to upgrade algorithmic recognition techniques and prevent deepfake content.
Regarding the risks of AI face swapping, apart from protecting their own privacy and biological data, users can do very little. Here are some small suggestions:
1) Use facial recognition applications cautiously
When choosing to use facial recognition applications, users should select those with good security records and privacy policies. Avoid using applications from unknown sources or with questionable security, and regularly update software to ensure the use of the latest security patches. Previously, many small loan company apps in China violated user’s facial data by reselling it.
2) Understand multi-factor authentication (MFA)
Single biometric authentication carries greater risks, so combining multiple authentication methods can significantly enhance security. Multi-factor authentication (MFA) combines various verification methods such as fingerprint, iris scanning, voice recognition, and even DNA data. For identification parties, this combination of authentication methods can provide an additional security layer when one authentication method is compromised. For users, protecting their privacy data in this aspect is equally important.
3) Maintain skepticism and guard against fraud
Clearly, with the ability of AI to imitate faces and voices, impersonating someone over the internet has become much easier. Users should be particularly cautious of requests involving sensitive information or fund transfers, implement two-factor authentication, and confirm the identity of the other party through phone calls or face-to-face interactions. Stay vigilant, do not easily believe in urgent requests, and recognize common scams such as impersonating executives, acquaintances, or customer service representatives. Nowadays, there are also many cases of impersonating celebrities, so one should be careful when participating in certain projects and beware of “fake platforms.”
OKX Web3 Wallet Security Team: In general, emerging virtual technologies bring new risks, which in turn lead to new research on defense methods, and new research on defense methods brings about new risk control products.
1) AI forgery risk
In the field of AI face swapping, there have already been many AI forgery detection products available. The industry has proposed several methods for automatically detecting fake videos, focusing on detecting unique elements (fingerprints) generated through the use of deepfake in digital content. Users can also identify AI face swapping through careful observation of facial features, edge processing, lip synchronization, and other methods. In addition, Microsoft has developed a series of tools to educate users on deepfake detection capabilities, allowing users to learn and enhance their own identification abilities.
2) Data and privacy risks
The application of large models in various fields has also brought about risks to user data and privacy. When using conversational AI, users should pay attention to the protection of personal privacy information and avoid directly entering key information such as private keys, keys, and passwords. It is recommended to hide key information through substitution, obfuscation, and other methods. For developers, Github provides a series of friendly checks. If the submitted code contains OpenAI apikeys or other privacy leaks, the corresponding push will report an error.
3) Misuse of content generation
In users’ daily work, they may encounter many results generated by large models. Although these contents are effective, the misuse of content generation also brings about false information and issues regarding knowledge copyrights. Some products have been developed to detect whether text content has been generated by large models, reducing corresponding risks. Furthermore, when using code generation from large models, developers should pay attention to the correctness and security of the generated code. For sensitive or open-source code, thorough review and auditing are necessary.
4) Daily attention and learning
In users’ daily browsing of short videos, long videos, and various articles, it is important to consciously judge and recognize possible AI generated or forged content. This includes common male and female narrators, incorrect pronunciation, and common face-swapping videos. In critical situations, users should consciously judge and recognize these risks.
Q6: From a professional perspective, please share some recommendations for physical device security.
OneKey Security Team: Based on the various risks mentioned earlier, we summarize the protection measures as follows:
1) Guard against the risk of intrusion into connected devices
In our daily lives, connected devices are ubiquitous, but this also brings potential intrusion risks. To protect our high-risk data (such as private keys, passwords, and MFA backup codes), we should use strong encryption methods and choose storage methods that isolate the network as much as possible to avoid storing this sensitive information in plain text on the device. Additionally, we need to remain vigilant against phishing and Trojan attacks. It is advisable to consider using dedicated devices for cryptographic asset operations and separate them from other general-purpose devices to reduce the risk of attack. For example, we can keep our everyday laptop separate from the hardware wallet used to manage cryptographic assets, so even if one device is compromised, the other device remains secure.
2) Maintain physical monitoring and protection
To further ensure the security of our high-risk devices (such as hardware wallets), we need to implement strict physical monitoring and protection measures. These devices at home should be stored in high-standard safes equipped with comprehensive smart security systems, including video surveillance and automatic alarm functions. When traveling, it is important to choose hotels with secure storage facilities. Many high-end hotels offer dedicated security storage services, which provide an additional layer of protection for our devices. Additionally, we can consider carrying portable safes to ensure the protection of our important devices in any situation.
3) Reduce risk exposure and prevent single points of failure
Distributing devices and assets is a key strategy for reducing risk. We should not store all high-privilege devices and cryptographic assets in one place or one wallet. Instead, we should consider storing them in secure locations in different geographical areas. For example, we can store some devices and assets at home, office, and with trusted relatives. Furthermore, using multiple hot wallets and hardware cold wallets is an effective method. Each wallet can store a portion of the assets, reducing the risk of single points of failure. To increase security, we can also use multi-signature wallets that require multiple authorized signatures for transactions, significantly enhancing the security of our assets.
4) Prepare for worst-case scenarios
It is crucial to formulate contingency plans for potential security threats. For high-net-worth individuals, maintaining a low-profile approach is an effective strategy to avoid becoming a target. We should avoid flaunting our cryptographic assets in public and strive to keep our property information discreet. Additionally, having emergency plans for device loss or theft is necessary. We can set up decoy wallets to temporarily deal with potential criminals while ensuring the ability to remotely lock or wipe data from important devices (with backups). Hiring a private security team can provide additional security when traveling to high-risk areas, utilizing special VIP security channels and high-security hotels to ensure our safety and privacy.
OKX Web3 Wallet Security Team: We will provide recommendations from two levels: the OKX Web3 app level and the user level.
1) OKX Web3 app level
The OKX Web3 Wallet employs various measures to strengthen the app, including but not limited to algorithm obfuscation, logic obfuscation, code integrity checks, system library integrity checks, application tamper protection, and environment security checks. These measures greatly reduce the probability of users being attacked by hackers while using the app and minimize the chances of the app being repackaged by malicious actors.
Furthermore, at the Web3 Wallet data security level, we use state-of-the-art hardware security technology to encrypt sensitive data in the wallet using chip-level encryption methods. This encrypted data is bound to the device’s chip, making it impossible for anyone to decrypt the data if it is stolen.
2) User level
In terms of users’ physical devices, including hardware wallets, commonly used computers, and mobile devices, we recommend strengthening security awareness in the following aspects:
Hardware Wallets: Use well-known brands of hardware wallets, purchase them from official channels, and generate and store private keys in isolated environments. The medium used to store private keys should be fireproof, waterproof, and theft-proof. It is recommended to use fireproof and waterproof safes to store private keys or mnemonic phrases in different secure locations to enhance security.
Electronic Devices: For mobile phones and computers that have software wallets installed, it is advisable to choose brands with better security and privacy, such as Apple. Also, minimize the installation of unnecessary applications and maintain a clean system environment. Use Apple ID to manage multi-device backups, avoiding single-device failures.
Daily Use: Avoid performing sensitive wallet device operations in public places to prevent camera recording leaks. Regularly use reliable antivirus software to scan device environments. Regularly check the reliability of the physical device storage location.
Finally, thank you for reading the 4th issue of OKX Web3 Wallet’s “Security Special.” We are currently preparing content for the 5th issue, which will include real-life cases, risk identification, and practical security operations. Stay tuned!
This article is for reference only. It does not intend to provide (i) investment advice or recommendations; (ii) offers or solicitations to buy, sell, or hold digital assets; or (iii) financial, accounting, legal, or tax advice. Holding digital assets (including stablecoins and NFTs) involves high risks and may experience significant volatility or even become worthless. You should carefully consider whether trading or holding digital assets is suitable for you based on your financial situation. Please be responsible for understanding and complying with relevant local laws and regulations.
This article is provided by the official team and does not represent the position or investment advice of this website. Readers must conduct their own careful evaluation.
