Sergio Mahía

Madrid, Spain

I'm Sergio Mahía, a Software Engineer specializing in cybersecurity, with a clear mindset: to truly protect systems, you first have to think like someone trying to break them.

My career began by founding my own web development and security startup, where I went from zero to building a portfolio of over 20 clients in less than a year. In that process, I not only developed solutions but also focused on something I consider critical: protecting users from real-world threats. I worked with advanced techniques such as Web Application Firewalls (WAFs) and continuous auditing, identifying and exploiting vulnerabilities like XSS and SQL Injection to understand and mitigate them at their root.

Currently, I work at KPMG as a Software Engineer and Ethical Hacker, where I tackle complex security challenges in real-world environments. I've designed and developed ambitious projects, from automated vulnerability analyzers to educational platforms for CTF training, always with a practical and results-oriented approach.

I consider myself an ambitious, resourceful person with a great capacity for learning. I enjoy tackling difficult problems, learning from my mistakes, and transforming those errors into robust solutions. I'm also an active communicator on social media and blogs, where I translate complex cybersecurity concepts into accessible ideas, aiming to raise awareness among both businesses and users.

I firmly believe that the best defense against an attacker is to anticipate them. That's why I don't just build secure systems; I constantly test them, pushing their boundaries before others do.

Area of Expertise

  • Consumer Goods & Services
  • Information & Communications Technology
  • Manufacturing & Industrial Materials

Topics

  • Hacking
  • Ethical Hacking
  • Web hacking
  • OWASP
  • Pentesting
  • Penetration Testing & Ethical Hacking
  • Red Team

Breaking Facial Recognition Systems with Real-Time Deepfake Injection

Facial authentication has rapidly become a default mechanism for identity verification across mobile applications, fintech platforms and online services. Its perceived robustness relies on the assumption that a human face is a reliable and hard-to-forge biometric factor. This work challenges that assumption through a practical study of deepfake-based attacks against real-world systems.

This talk presents an experimental evaluation of facial authentication under real-time deepfake conditions. Using accessible face-swapping techniques, we demonstrate how multiple systems — including login flows, identity verification services and mobile applications — can be bypassed without requiring advanced resources. The research includes 15 documented attack scenarios covering automated systems, mobile environments and human interaction.

Beyond technical bypasses, we also explore the human dimension: whether deepfakes can sustain believable interactions and deceive users over extended conversations. The results highlight that both machines and humans are currently vulnerable under realistic conditions.

The goal of this talk is not to speculate about future threats, but to provide measurable evidence of current weaknesses, analyze existing countermeasures such as liveness detection, and discuss their limitations in practice.

This talk presents a structured and reproducible analysis of deepfake-based attacks against facial authentication systems, focusing on real-world applicability rather than theoretical models.

The research is organized into three main blocks:

1. Attacking automated systems
We evaluate how real-time deepfake injection can bypass facial authentication mechanisms in web-based login systems and identity verification platforms. Different variables are tested, including lighting conditions, facial expressions and demographic variations, to assess system robustness.

2. Mobile environments and practical constraints
We analyze authentication mechanisms in mobile applications, including attempts to bypass protections using emulators and real devices. The study highlights practical barriers such as emulator detection, as well as successful bypasses in applications relying on facial recognition for access control.

3. Human deception and social engineering
Beyond technical systems, we explore the effectiveness of deepfakes in human interaction scenarios. Through controlled experiments, we measure the ability of a deepfake to maintain credible real-time conversations and deceive participants, highlighting the intersection between biometric attacks and social engineering.

Across these blocks, each experiment is documented with methodology, execution conditions and outcomes, allowing the audience to understand not only the attack surface but also the practical limitations.
