Cyber threats to verification and authentication systems are becoming increasingly sophisticated with technological advancements. Two types of attacks that have recently gained attention are Presentation Attack and Injection Attack.
An Injection Attack or Code Injection is an attempt by hackers to inject manipulated code or commands into a system to deceive it. There are two types of injection attacks: SQL Injection and Deepfake Injection.
In SQL Injection, the attacker inserts malicious SQL code into login fields to gain access to the database. Deepfake Injection, by contrast, uses deepfake technology to inject fake biometric data directly into the data stream received by the verification or authentication system.
Code Injection can be carried out by exploiting various vulnerabilities in applications or systems. Here are the four main methods of Code Injection attacks:
1. Injecting a Virtual Camera
How It Works:
The attacker, having obtained the victim's personal information, installs a fake camera app (virtual camera) on their own device. This fake camera has been injected with deepfake technology.
The attacker then registers with banks, online lending platforms, and other financial applications using the victim's information. The role of the fake camera injected with deepfake is to allow the attacker to use the victim's photo for biometric verification.
This method enables the attacker to bypass liveness detection checks and conduct fraudulent activities without the knowledge of the data owner or the financial services.
Example:
An attacker installs a fake camera on their device and uses it during biometric verification while creating an account. The attacker uses the victim's ID data and biometric data that they have obtained.
2. Rooting the Device and Hooking the Camera API
How It Works:
On a rooted device, the attacker can modify the device's operating system, which allows them to manipulate the camera API. They then modify the input/output data, replacing the live camera feed with manipulated or pre-recorded video.
This method allows the attacker to bypass security checks and conduct fraudulent activities undetected.
Example:
An attacker roots a smartphone and hooks the camera API to manipulate a video during a remote identity verification process for an online loan application. The attacker uses a pre-recorded video of another person to bypass liveness detection and obtain a loan using stolen identity information.
This method also involves Deepfake Injection: fake biometric data is injected directly into the data stream received by the verification or authentication system. As a result, the server uses this fake biometric data and treats it as legitimate user data.
3. Man-in-the-Middle Attack
How It Works:
The hacker intercepts communication between the application and the server, such as a selfie image transmission. The hacker then modifies the system, manipulates the selfie image, or alters the liveness results to bypass security checks. This technique allows hackers to create fake accounts or conduct unauthorized transactions without being detected by the application's security system.
Example:
A hacker intercepts communication between an e-wallet app and its server during a transaction. The hacker modifies transaction details, such as the recipient account number and transaction amount, bypassing the application's security checks.
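From the defender's side, the tampering described above can be detected if the server checks that the image, the liveness result and a one-time nonce still match what the app sent. The following is an added example, not code from the original page or from VIDA. The envelope format, the function and class names, and the per-device key (assumed to be provisioned at enrolment and kept in a hardware-backed keystore) are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample key; assumed to be provisioned per device at enrolment.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def _mac(key, fields):
    """HMAC-SHA256 over a canonical JSON encoding of the signed fields."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def sign_capture(key, nonce, image, liveness_passed):
    """App side: bind the image hash, liveness result and server nonce together."""
    fields = {
        "nonce": nonce,
        "image_sha256": hashlib.sha256(image).hexdigest(),
        "liveness_passed": liveness_passed,
    }
    return dict(fields, mac=_mac(key, fields))


class CaptureVerifier:
    """Server side: issues one-time nonces and verifies submitted captures."""

    def __init__(self, key):
        self.key = key
        self.pending = set()

    def issue_nonce(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, envelope, image):
        fields = {k: v for k, v in envelope.items() if k != "mac"}
        sent_mac = str(envelope.get("mac", "")).encode()
        if not hmac.compare_digest(_mac(self.key, fields).encode(), sent_mac):
            return "rejected: envelope modified in transit"
        if hashlib.sha256(image).hexdigest() != fields.get("image_sha256"):
            return "rejected: image does not match signed hash"
        if fields.get("nonce") not in self.pending:
            return "rejected: unknown or replayed nonce"
        self.pending.discard(fields["nonce"])  # each nonce is accepted once
        return "accepted"
```

This check covers modification and replay between the app and the server only. A virtual camera or hooked camera API supplies fake frames before the app signs them, so it has to be caught by other controls.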
4. Using a Device Emulator
How It Works:
The attacker uses a device emulator, a software program that mimics the functions of a physical device, to carry out Code Injection attacks.
Emulators can be run on powerful computing devices, such as laptops or desktops, and provide attackers with various tools and features to manipulate applications. By running the targeted application on the emulator, the attacker can easily inject malicious code, manipulate the camera feed, or modify application data without physical access to the device.
Example:
An attacker uses an emulator to run a ride-hailing app and manipulate GPS data to simulate fake trips. The attacker uses a pre-recorded video of another person to bypass liveness detection during the driver registration process and create a fake driver account.
Addressing Injection Attack Threats
There are many technologies available to address deepfakes in Presentation Attacks and Injection Attacks, such as deepfake detection technology and multi-factor authentication. However, increasingly sophisticated deepfakes require technologies that can strengthen the security layers of verification systems.
For example, verification using VIDA is equipped with Deepfake Shield. Some advantages of this feature include:
1. Presentation Attack Detection (PAD): This feature detects Presentation Attacks in the verification system with Passive Liveness and Morphing Detection.
2. Injection Attack Security: A system to ensure no malicious code or commands are injected into the verification system.
3. Image Quality Feedback: Users receive real-time feedback on image quality when performing biometric verification.