CanSecWest 2025 | Dave Falkenstein | Deepfake Deception: Weaponizing AI-Generated Voice Clones in Social Engineering Attacks | April 24 – 25 | Vancouver, Canada

Dave Falkenstein, IOActive Senior Security Consultant, will be speaking at this year’s CanSecWest, taking place April 24 – 25 in Vancouver, Canada. Dave’s talk, ‘Deepfake Deception: Weaponizing AI-Generated Voice Clones in Social Engineering Attacks,’ explores “a real-world red team engagement where AI-driven deepfake voice cloning was leveraged to test an organization’s security controls.” You can find an abstract of the talk below.

ABSTRACT:

As deepfake technology rapidly evolves, its application in social engineering has reached a new level of sophistication. This talk will explore a real-world red team engagement where AI-driven deepfake voice cloning was leveraged to test an organization’s security controls. Through extensive research, we examined multiple deepfake methods, from video-based impersonation for video calls to voice cloning for phishing scenarios. Our findings revealed that audio deepfakes were the most effective and the hardest for human targets to detect.

In recent engagements, we have successfully cloned executives’ voices using audio samples extracted from publicly available podcast interviews. Trained AI models were then developed to convincingly replicate these targeted voices. These custom models were deployed in social engineering campaigns combined with call spoofing to build team awareness regarding sophisticated threat actor techniques.

This talk will provide attendees with an in-depth look at how threat actors exploit deepfake technology, the technical process of voice cloning, and the implications for enterprise security. We will also discuss countermeasures and detection techniques that organizations can implement to mitigate these emerging threats.