Another Move in the Deepfake Creation/Detection Arms Race

Deepfakes are now mimicking heartbeats

In a nutshell

  • Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats.
  • The assumption that deepfakes lack physiological signals, such as heart rate, is no longer valid. This challenges many existing detection tools, which may need significant redesigns to keep up with the evolving technology.
  • To effectively identify high-quality deepfakes, researchers suggest shifting focus from just detecting heart rate signals to analyzing how blood flow is distributed across different facial regions, providing a more accurate detection strategy.

And the AI models will start mimicking that.

Tags: , ,

Posted on May 5, 2025 at 12:02 PM13 Comments

Comments

Clive Robinson May 5, 2025 1:23 PM

@ Bruce,

As you say,

“And the AI models will start mimicking that.”

Many years ago now I pointed out that all bio-metrics would or could be faked.

Likewise the first Woman to be Director of MI5 pointed out National ID cards would not work.

The reason is that you can not have sufficient security of the entire process.

Remember those “tamper proof” sample bottles used for athletic “drug tests” that Russia apparently had no trouble tampering with?

Well consider the CPU chip that compares the test reading with the stored reading has a limited security perimeter. Yes it can secure the “stored reading” but how far can it secure back along the test chain to the “alleged” meatbag?

The simple fact is the meatbag can not be secured even though the measuring sensor “might” be securable it leaves a gap in which,

“Angels might dance, but devils will play…”

And thus there is no security…

The UK and Australian Governments do not this widely known because of the latest idiocy of “Age Gating” for online access…

The simple facts are shocking when people find out

Most adults can not tell the sex of an unrelated child untill the child is over four years old and for some children not until they are entering puberty. It’s one of the reasons children’s clothing type and colour are significantly different as are their hair cuts.

But what about adults?

If you are of slim physique and moderate stature you are in effect how you dress and act. With a little makeup and hairstyle changing…

I’ve a friend who was when younger a top class athlete and tall in stature and had much to her annoyance been regularly mistaken for being a boy, lad, and even into adulthood as a young man…

Put people into “universal clothing” like military field dress and you have the same problem in both directions.

But it gets worse, for instance it’s a “known secret” that passports have never worked as ID documents because the error rate under testing has found to be worse than 1 in 6 either way (false pos/neg). Hence the prolific black market in stolen passports.

Similar for the bio-metric passports under ideal conditions claims of 1 in 1000 soon disappear as conditions change to normal or worse.

But the fun one, “eye witnesses” are unless they actually know the suspect fairly intimately worse than 25% at best when it comes to a line up…

It’s why the Police used to love pulling line ups because they were easy to “direct the witness” to the target of choice…

So now consider if the “test subject” wants to “pass themselves off” as another they are going to find a lot of wriggle in that gap between sensor and the meat and there is effectively nothing you can do to stop it happening.

The fact even current AI LLM & ML systems can do this is just the start… Consider the not to distant future AI with enhanced fake-it abilities.

Legislation and Law and Order will have no meaning as any “evidence” could be “reproduced”.

Oh and now the “mains hum/noise” trick is known, that won’t be reliable as a timestamp / fingerprint.

Larry Compton May 5, 2025 1:53 PM

Deepfake identification will never be 100% accurate using any one tool or method, of course.

Eulerian magnification or any other method to analyze the pixel content is very resource intensive. It can also be more subjective depending on the algorithm(s) or engine used, and a person’s interpretation of results.

Pixel level analysis should take place after other processes, such as structural & metadata analysis, and only when required. It’s archaic & unnecessary in many cases, imho.

Larry Compton May 5, 2025 2:04 PM

BTW,about the other comment regarding evidence & police. Ome word:

Provenance

Let’s see AI get around that. Who took the photo? What did they take it with? How did it get here? Where’s the original? Etc.

Fake media does not make it into court today & won’t in the future.

Jacob W May 5, 2025 2:17 PM

Won’t any tool/method that can reliably detect deepfakes and which is widely accessible just be used to train next gen deep fakes?

It seems like detection is an uphill battle in that case, but maybe some methods of detection will be very resistant to this sort of thing.

Steve May 5, 2025 5:57 PM

I am moderately amused that the AI fakery “industry” has roped the research community into doing a large part of its work for them. Old Samuel Clemens (aka Mark Twain) said it best, perhaps, in The Adventures of Tom Sawyer

Tom said to himself that it was not such a hollow world, after all. He had discovered a great law of human action, without knowing it — namely, that in order to make a man or a boy covet a thing, it is only necessary to make the thing difficult to attain.

Clive Robinson May 5, 2025 6:15 PM

@ Larry Compton,

With regards,

“Ome word: Provenance

Let’s see AI get around that.

It’s not the AI that needs to get around it. That as they say is your first mistake.

Lets talk about an “event” as with all such things it has,

1, At time
2, A place

And all to often

3, One or more observers who see

And in this day and age some of whom

4, Record some or all of it on those ubiquitous mobile phones.

As such all mobile phones leave bread crumbs through lifes forest.

A geo-fenced request will produce a list of mobiles in the “place”(2) at the “time”(1) of the event.

A request on those Mobile ID’s through Data Brokers will pull up a list of most of the apps on each mobile and the time they were last in use or if being used at the time of the event.

This info alone would enable the mobiles around the event to be back-door searched (think NSO Group’s and similar software).

Then files could be copied, uploaded, updated or deleted.

Any video or photo on the device can be used to fingerprint the device optics, and make a “defect matrix”.

Put a fake video based on a real video on one or more of those mobile phones multiplied be each devices “defect matrix”. The fake videos will under examination look like they were made through the mobile optics.

Then send one or more of the fake videos to a news outlet directly from the users phone, ensuring that the file meta-data points to the users phone where the fake video has been placed.

When the authotities grab the phone as they will and find the fake video that checks out for the devices optics.

What are they going to believe?

1, The mobile phone owner who denies recording it.
2, Or the “evidence on the device”.

We know from CSAM and other cases that the device owner will not be believed and thus the fake video unless it has very provable flaws will be accepted as evidence.

As for the device owner they will be very lucky if they do not get prosecuted for any one of a number of things. Of which “with holding evidence” and “conspiracy” of some kind thrown in.

Even better for the prosecution if those who planted the fake video make it look like it was deleted. Then charges of destruction of evidence etc…

It’s the sort of thing I would do because experience tells me the authorities do not behave rationally when they think they’ve got a viable suspect. US jails are full of people who are serving near or longer than life sentences on “no or concocted evidence”. Some get lucky and later evidence if it gets accepted finds them innocent. If you are unaware of this then please let us all know in WWI parlance,

“What better hole, You’ve gone to!”

And taken refuge in from what goes on these days.

not important May 5, 2025 6:18 PM

@all
One evidence is not evidence. Only constellation of all evidence taking together could be source of real fact taking place in the past. Deep fakes are not the exclusive type in this realm.
But, what is real purpose of investigation: to find the truth (subject, motive, etc.) or just close the case and calm down the public?

What I was always concern with this that REAL culprit remain at large and continue his/her sinister activity.

@Clive ‘But the fun one, “eye witnesses” are unless they actually know the suspect fairly intimately worse than 25% at best when it comes to a line up…’

Absolutely. What about testimony of kids? check https://en.wikipedia.org/wiki/Elizabeth_Loftus

And general folks have no idea why crimes have statute of limitations – not because culprit is forgiven but because evidence neither could be preserved, collected and fade out memory in particular.

Clive Robinson May 5, 2025 6:52 PM

@ Jacob W, ALL,

With regards,

“Won’t any tool/method that can reliably detect deepfakes and which is widely accessible just be used to train next gen deep fakes?”

Yup, that’s what my,

Oh and now the “mains hum/noise” trick is known, that won’t be reliable as a timestamp / fingerprint.

Comment above was about.

The UK has a “Central Power Grid” which maintains the exact same frequency and phase the entire length and breadth of the Nation.

The “hum” gets into everything and audio and video recordings are effectively “time stamped” with it.

It was used in a UK case to prove that “submitted evidence” of an audio recording was a fake, and in certain circles it was famous for a while.

In the past I’ve indicated how you appear to remove it from audio recordings, then add a different set of hum as a new time stamp (what you actually do is remodulate with the difference a bit like “bit flipping a stream cipher” if you want an imprecise analogy).

With even current AI systems pulling out the mains hum from an original recording would be fairly trivial. generating a difference signal to “time shift” both the hum on the audio and any reflection flicker in the video image likewise possible if a bit harder.

Thus the real questions from a fakers perspective is,

“What ‘artifacts’ give you away?”[1]

And,

“What do you do to remove / change / mask them?”

The only way for such detection to remain effective is by keeping it secret from the defence team. As such that is generally a “No no” in courts based on traditional English law.

[1] in theory it’s quite simple to answer the “What artifacts” question. You simply make a “black noise” recording. That is you record with no “signal” ie changing audio or visual components being present anything left is “noise”. Thus you average out / remove all “black” and amplify the remaining “noise”. You then analyse the noise against noise sources you are aware of and strip them one by one. These are the “artifacts” that can give you away. You then need to find out how they change with time and if others can use it as a time or location indicator. You would be surprised at what noise there is… For instance CCD Image sensors have amplifiers that add predictable “pink noise” that has a significant thermal noise element.

Clive Robinson May 5, 2025 6:56 PM

@ Steve,

With regards,

“Old Samuel Clemens (aka Mark Twain) said it best…”

More than once 😉

Do you remember how the fence got whitewashed?

Clive Robinson May 5, 2025 8:00 PM

@ not important,

It’s interesting that you mentioned,

Elizabeth Loftus, if you read about her you will find she was well thought of at Goldsmiths, “University of London” over in East London (New Cross area).

It’s one of a number of London Unis I’ve mentioned before having had contact/association with research at.

I’ve also mentioned the “N+1 Truths” and how you can move / walk peoples memories by simply talking with them.

Lets say there was a car accident at night involving a couple of vehicles or a vehicle with several people in it, and say 6 witnesses. There will be N+1 truths, the six different versions of the witnesses and the actual truth of what happened.

I’m not saying the witnesses are not telling the truth or that their memories are incorrect, it’s just that they will not have been standing at the same place or facing in the same direction. Thus as a basic ground state due to their expected differences of “points of view” their truths will be different (if they were the same or too similar then witness collusion should be suspected).

As Elizabeth Loftus noted memories are “plastic” especially in the shock and shock recovery periods.

Untill you’ve had time for short term chaotic memories to become long term coherent memories your memories are at best fluid. Part of this is for most people short term memories are discrete “flash” moments that are not continuous. This is because their importances is not based on time or sequence but what is in effect threats or alerts of what your subconscious equates with predators and places of safety (see stripes move, scoot up closest tree etc).

Your brain then in effect stitches the moments together and fills in the gaps.

Now if I can change one of your moments then not only will your brain fill in to match it tends to leave it plastic.

Thus by gentle repeat promptings I can move all your moments to different points…

This is fairly well known by investigators who depending on how honest they are act in some manner.

In the US the method used is abusive and frankly not designed to get at the truth just get an easy conviction. It’s become quite discredited as I’ve mentioned before. Training in the UK is these days to ask neutral questions as passively and objectively as possible and as soon as possible.

However there more than enough “old school” investigators around and as we know false confessions happen all to often.

Speaking of “children” look up

https://www.dailyrecord.co.uk/news/real-life/orkney-child-sex-abuse-scandal-1099361

It might make your eyebrows scuttle over the top of your head in disbelief…

Larry Compton May 6, 2025 12:03 AM

@Clive Robinson et al.

Disregard. I know nothing. I’ve only been focusing on image & video evidence for 25+ years, working cases around the world, traveling around the world teaching forensic analysts, building solutions to such problems, etc. I know nothing about evidence. Computer forensics, yes, I am a pioneer. Mobile forensics, yes I’ve taught that too. Video forensics…well that took me around the world teaching others how to be as ignorant as I am about image & video evidence.

So, yes, disregard. I’ll refrain from trying to educate you in the future. Thank you for the insights.

All the best.

Bob May 6, 2025 10:09 AM

@Clive

Many of us in the security field have been pointing out for decades now that biometrics are a username, not a password.

not important May 6, 2025 5:25 PM

@Clive – thank you for the link provided.
The key for that case and many other cases touched in this blog is inside the link:

“Inadequately trained people put into a position of incredible power.”

That is real curse.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.