Breaking Facial Recognition Systems with Real-Time Deepfake Injection

Facial authentication has rapidly become a default mechanism for identity verification across mobile applications, fintech platforms and online services. Its perceived robustness relies on the assumption that a human face is a reliable and hard-to-forge biometric factor. This work challenges that assumption through a practical study of deepfake-based attacks against real-world systems.

This talk presents an experimental evaluation of facial authentication under real-time deepfake conditions. Using accessible face-swapping techniques, we demonstrate how multiple systems — including login flows, identity verification services and mobile applications — can be bypassed without requiring advanced resources. The research includes 15 documented attack scenarios covering automated systems, mobile environments and human interaction.

Beyond technical bypasses, we also explore the human dimension: whether deepfakes can sustain believable interactions and deceive users over extended conversations. The results highlight that both machines and humans are currently vulnerable under realistic conditions.

The goal of this talk is not to speculate about future threats, but to provide measurable evidence of current weaknesses, analyze existing countermeasures such as liveness detection, and discuss their limitations in practice.

This talk presents a structured and reproducible analysis of deepfake-based attacks against facial authentication systems, focusing on real-world applicability rather than theoretical models.

The research is organized into three main blocks:

1. Attacking automated systems
We evaluate how real-time deepfake injection can bypass facial authentication mechanisms in web-based login systems and identity verification platforms. Different variables are tested, including lighting conditions, facial expressions and demographic variations, to assess system robustness.

2. Mobile environments and practical constraints
We analyze authentication mechanisms in mobile applications, including attempts to bypass protections using emulators and real devices. The study highlights practical barriers such as emulator detection, as well as successful bypasses in applications relying on facial recognition for access control.

3. Human deception and social engineering
Beyond technical systems, we explore the effectiveness of deepfakes in human interaction scenarios. Through controlled experiments, we measure the ability of a deepfake to maintain credible real-time conversations and deceive participants, highlighting the intersection between biometric attacks and social engineering.

Across these blocks, each experiment is documented with methodology, execution conditions and outcomes, allowing the audience to understand not only the attack surface but also the practical limitations.

Sergio Mahía

Madrid, Spain
