How easy deepfake can join your Zoom and Google meeting

VXRL
4 min readFeb 20, 2024

Researchers: {alanh0, darkfloyd}

Deepfake technology leverages advanced artificial intelligence and machine learning algorithms, primarily deep learning, to create highly realistic video and audio content.

Deepfake technology, while innovative, poses a significant risk for scams and fraud. By generating realistic videos or audio recordings, scammers can impersonate trusted individuals or public figures to manipulate victims, commit identity theft, or spread misinformation.

Recently there’s news about “AI-generated scams after city leader John Lee appears to back investment plan in fake video”

Another news about “Company worker in Hong Kong pays out £20m in deepfake video call scam”

As cybersecurity researchers, we tested deepfake software, unless you want to train your model, the software is quite easy to use. Some will swap the faces in existing video files, and some can even swap the faces in real time.

The idea is very simple, you have the camera (I don’t have a webcam for my desktop, so I use droidcam instead, which makes your Android phone a webcam).

The deepfake software will take the droidcam as the source, and there is a list of models for swapping the faces in real-time. I picked John Wick as POC.

The software can output the merged frame in a new window, which OBS can use to become the source of the virtual camera.

In Zoom, select the video source to be OBS virtual camera, and then I can use this face to join the Zoom meeting. The video looks smooth but the audio is a bit delayed. (this is one of the flaws that you can identify from deepfake videos)

As you can see, John Wick has just joined the Zoom meeting.

Edited:

Our researcher Darkfloyd has sent some Zoom meeting screen captures to different connections, some of them believed we were having meetings with real celebrities. 😅

Therefore, we have to be alert.

Deepfake scams and frauds are becoming increasingly sophisticated, making it challenging to distinguish between real and manipulated content. Here are some tips to help you avoid falling victim to these deceptive practices:

  • Approach videos and audio recordings with skepticism, especially if they contain unusual or sensational content. Analyze for inconsistencies in lighting, shadows, or facial expressions.
  • Check the authenticity of the content by verifying it against reputable sources. Look for the same news or information on trustworthy websites.
  • For audio deepfakes, pay attention to the voice’s cadence, any unnatural pauses, or sounds that seem out of place. These can be indicators of manipulated content.
  • Be cautious about sharing personal information online, especially on social media, as it can be used to create deepfakes or conduct targeted scams.
  • Some content creators and platforms embed digital watermarks or use blockchain technology to authenticate media. Tools and browser extensions can help you identify these marks.
  • If you encounter a deepfake or any content that seems designed to scam or defraud, report it to the platform hosting the content and, if necessary, to local authorities.

Extracted from the Zoom meeting, John Wick can speak fluent Cantonese :)

--

--

VXRL

VXRL Team is founded by group of enthusiastic security researchers, providing information security services and contribute to the community. https://www.vxrl.hk