At the conference, global hackers unanimously agreed that facial recognition technology is the most unreliable method of identity authentication. After nearly a decade, with the advancement of AI technology, we now have almost perfect “magic” to replace faces. It is clear that ordinary visual facial recognition can no longer provide adequate security. Therefore, it is necessary for recognition providers to upgrade their algorithm technology to identify and prevent deepfake content.
In terms of the risks of AI face swapping, there is not much that users can do apart from protecting their own biometric data and privacy. Here are some small suggestions:
1) Use facial recognition applications cautiously
When choosing facial recognition applications, users should select those with good security records and privacy policies. Avoid using applications from unknown sources or with questionable security, and regularly update the software to ensure the use of the latest security patches. In the past, many small loan company apps in China violated user privacy by selling their facial data.
2) Understand multi-factor authentication (MFA)
Single biometric authentication poses significant risks, so combining multiple authentication methods can significantly enhance security. Multi-factor authentication (MFA) combines various verification methods, such as fingerprints, iris scans, voice recognition, and even DNA data. For recognition providers, this combination of authentication methods can provide an additional security layer when one method is compromised. For users, protecting their privacy data in this aspect is equally important.
3) Maintain skepticism and guard against scams
It is evident that with AI’s ability to mimic faces and voices, impersonating someone over the internet has become much easier. Users should be particularly cautious when dealing with requests involving sensitive information or fund transfers. Adopting double verification through phone calls or face-to-face confirmation of the other party’s identity is recommended. Remain vigilant and do not easily trust urgent requests, and be able to identify common scams such as impersonation of executives, acquaintances, or customer service representatives. Nowadays, there are also many impersonations of celebrities, so be careful when participating in projects and watch out for “fake platforms.”
OKX Web3 Wallet Security Team: Generally speaking, emerging virtual technologies bring new risks, and these risks, in fact, bring new research on defense methods, which in turn leads to new risk control products.
1. AI forgery risks
In the field of AI face swapping, there have been many AI face swapping detection products. The industry has proposed several methods to automatically detect fake videos, focusing on detecting unique elements (fingerprints) generated by the use of deepfake in digital content. Users can also identify AI face swapping through careful observation of facial features, edge processing, asynchronous audio and video, and other methods. In addition, Microsoft has introduced a series of tools to educate users about the ability to recognize deepfakes, allowing users to learn and enhance their own recognition abilities.
2. Data and privacy risks
The application of large models in various fields also brings risks to user data and privacy. When using conversational robots in daily life, users should pay attention to the protection of personal privacy information and avoid directly inputting sensitive information such as private keys, keys, and passwords. It is recommended to hide key information through substitution, confusion, and other methods. For developers, Github provides a series of friendly checks. If there is a risk of privacy leakage, such as the submission of code containing OpenAI API keys, the corresponding push will result in an error.
3. Content generation abuse risks
In daily work, users may encounter many results of large model-generated content. Although this content is effective, its misuse can lead to false information and copyright issues. There are now products available to detect whether text content is generated by a large model, which can reduce corresponding risks. In addition, when using generated code from large models, developers should pay attention to the correctness and security of the generated code. For sensitive or open-source code, thorough review and auditing are necessary.
4. Daily attention and learning
When browsing short videos, long videos, and various articles, users should consciously judge and recognize possible AI forgeries or AI-generated content. Common signs include male or female voiceovers, pronunciation errors, and common face-swapping videos. In critical situations, users should consciously judge and identify these risks.
Q6: From a professional perspective, please share some physical device security recommendations.
OneKey Security Team: Based on the various risks mentioned earlier, we summarize the protective measures as follows.
1. Guard against the intrusion risk of connected devices
In our daily lives, connected devices are everywhere, but they also bring potential intrusion risks. To protect our high-risk data (such as private keys, passwords, MFA backup codes), we should use strong encryption methods and choose storage methods that isolate the network as much as possible. Avoid storing these sensitive information directly in plaintext on devices. In addition, we need to always be vigilant against phishing and Trojan attacks. Consider using dedicated devices for cryptocurrency operations and separate them from other general-purpose devices to reduce the risk of being attacked. For example, we can keep our everyday laptops separate from hardware wallets used to manage cryptocurrency assets, so even if one device is compromised, the other device remains secure.
2. Maintain physical monitoring and protection
To further ensure the security of high-risk devices (such as hardware wallets), we need to implement strict physical monitoring and protection measures. These devices at home should be stored in high-standard safes equipped with comprehensive smart security systems, including video surveillance and automatic alarm functions. It is particularly important to choose hotels with secure storage facilities when traveling. Many high-end hotels provide dedicated secure storage services, which provide an additional layer of protection for our devices. Additionally, consider carrying a portable safe to ensure the protection of our important devices in any situation.
3. Reduce risk exposure and prevent single points of failure
Diversifying the storage of devices and assets is a key strategy for reducing risks. We should not store all high-privilege devices and cryptocurrency assets in one place or one wallet. Instead, consider storing them in secure locations in different geographical locations. For example, we can store some devices and assets at home, in the office, and with trusted friends or family members. In addition, using multiple hot wallets and hardware cold wallets is an effective method, with each wallet holding a portion of the assets to reduce the risk of single points of failure. To increase security, we can also use multi-signature wallets that require multiple authorized signatures for transactions, significantly enhancing the security of our assets.
4. Prepare for worst-case scenarios
When facing potential security threats, it is crucial to establish emergency measures for worst-case scenarios. For high-net-worth individuals, maintaining a low-profile approach is an effective strategy to avoid becoming a target. We should avoid flaunting our cryptocurrency assets in public and try to keep information about our wealth discreet. In addition, it is necessary to develop emergency plans for device loss or theft. We can set up decoy wallets to temporarily deal with potential robbers while ensuring that the data on important devices can be remotely locked or erased (with backups). When traveling in high-risk areas, hiring a private security team can provide additional security assurance, along with the use of special VIP security channels and high-security hotels to ensure our safety and privacy.
OKX Web3 Wallet Security Team: Let’s discuss security recommendations from two perspectives: the OKX Web3 app level and the user level.
1. OKX Web3 App level
The OKX Web3 Wallet uses various methods to reinforce the app, including algorithm obfuscation, logic obfuscation, code integrity checks, system library integrity checks, application tamper resistance, and environment security checks. These measures greatly reduce the probability of users being attacked by hackers while using the app. They also minimize the likelihood of black market vendors repackaging our app.
In terms of Web3 wallet data security, we utilize state-of-the-art hardware security technology and chip-level encryption to encrypt sensitive data in the wallet. This encrypted data is bound to the device’s chip, making it impossible for anyone to decrypt the data if it is stolen.
2. User level
Regarding the physical devices involved, including hardware wallets, commonly used computers, and mobile phones, we recommend that users strengthen their security awareness in the following areas:
1) Hardware wallet: Use well-known brands of hardware wallets purchased through official channels, and generate and store private keys in isolated environments. The storage medium for private keys should be fireproof, waterproof, and theft-proof. It is recommended to use a fireproof and waterproof safe to store them, dispersing private keys or mnemonic phrases in different secure locations to enhance security.
2) Electronic devices: For smartphones and computers that have software wallets installed, it is advisable to choose brands with good security and privacy features (such as Apple) and minimize the installation of unnecessary applications to maintain a clean system environment. Use Apple ID to manage multi-device backups to avoid single-machine failures.
3) Daily usage: Avoid performing sensitive wallet device operations in public places to prevent camera recording and leakage. Regularly use reliable antivirus software to scan the device environment. Conduct regular checks on the reliability of the physical device storage location.
Lastly, thank you for reading the 4th issue of the OKX Web3 Wallet “Security Special”. We are currently preparing the content for the 5th issue, which will include real cases, risk identification, and practical security operations. Stay tuned!
Disclaimer:
This article is for reference only and does not intend to provide (i) investment advice or recommendations; (ii) solicitations or offers to buy, sell, or hold digital assets; or (iii) financial, accounting, legal, or tax advice. Holding digital assets (including stablecoins and NFTs) involves high risks and may experience significant volatility, even becoming worthless. You should carefully consider whether trading or holding digital assets is suitable for you based on your financial situation. You are solely responsible for understanding and complying with applicable local laws and regulations.
