The threat of cyberattacks on verification and authentication systems is increasingly sophisticated as technology advances. Two types of attacks that have recently gained attention are Presentation Attacks and Injection Attacks. Although these have existed for a long time, they have become a topic of discussion again due to the involvement of deepfake technology.
How do Presentation Attacks and Injection Attacks work using deepfake? And how do these attacks target biometric verification? Let's dive into this article!
What is Deepfake?
Before discussing Presentation Attacks and Injection Attacks involving deepfake, let's first understand what deepfake is.
Deepfake is a technology that uses artificial intelligence (AI) to create or manipulate visual (image and video) and audio content so that it appears highly realistic. This technology can change a person's face and voice in videos or audio.
Deepfake content is already widely available on the internet. Examples include Barack Obama's speech video, a deepfake video of Tom Cruise, a photo of Katy Perry attending the 2024 Met Gala, a video of former Indonesian president Soeharto appearing during the 2024 election period, and many more.
At first glance, there seems to be nothing wrong with these videos as they are made for entertainment purposes. However, deepfake becomes a tool for fraud when the same technology is used to manipulate biometric verification.
Biometric verification uses a person's physical characteristics, such as fingerprints, facial recognition, and retina scans. Have you ever taken a selfie while paying on e-commerce or transferring money via mobile banking? That is an example of biometric verification.
Now, imagine if deepfake could fake all of this, so it’s not you performing the biometric verification, but a fraudster. This is why deepfake is now categorized as a tool for cybercrime.
How can deepfake become a sophisticated tool for Presentation Attacks and Injection Attacks?
Presentation Attack
A presentation attack, also known as a spoofing attack, occurs when an attacker presents a fake copy of someone's biometrics to deceive a biometric verification or authentication system. These fake biometrics can be in the form of photos, masks, or AI-generated images or videos (deepfake) impersonating the victim.
In the deepfake case, a fraudster creates a deepfake video of someone seemingly performing facial verification movements (nodding, blinking, etc.). This deepfake is used for biometric verification, allowing the fraudster to gain access to the user's account. The fraudster can then steal personal data, leak transaction information, and make fraudulent transactions, causing financial loss.
This attack can lead to misuse of user identity, financial loss for users, damage to the company's reputation, and high costs for system repair.
Injection Attack
An injection attack occurs when an attacker injects manipulated code or commands into the system to trick the biometric verification system.
This article distinguishes two types of injection attacks: SQL Injection and Deepfake Injection. In SQL Injection, the attacker inserts malicious code into the user's login field to gain access to the database.
In Deepfake Injection, the attacker uses deepfake technology to inject fake biometric data directly into the data stream received by the verification or authentication system. Here’s how it works:
First, the attacker bypasses the biometric data capture process on the device's camera, microphone, or fingerprint sensor to enter the application server system. Then, the attacker injects fake biometric data. Finally, the attacker uses emulators, virtual cameras, and other techniques to convince the system that the received biometric data is legitimate.
As a result, the server uses the fake biometrics, believing them to be the user’s authentic data.
This attack can severely damage an application's server. The attacker can access highly sensitive data, modify information, and even compromise the integrity of the entire system.
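One server-side control against the injection path described above, shown as an added example that is not from the original article and is not VIDA's implementation: the server accepts a frame only if it is bound to a fresh one-time challenge by the device's trusted capture component. The device ID, key, frames and function names are constructed for illustration, and HMAC stands in for a hardware-backed attestation signature.

```python
import hashlib, hmac, os, time

# Assumption: the key lives in a hardware-backed keystore and cannot be
# exported by an emulator or virtual camera. Constructed sample values.
DEVICE_KEYS = {"device-01": b"constructed-demo-key"}
CHALLENGE_TTL = 30   # seconds a challenge stays valid
_challenges = {}     # nonce -> (device_id, issued_at)

def issue_challenge(device_id, now=None):
    """Server issues a one-time nonce before capture starts."""
    nonce = os.urandom(16).hex()
    _challenges[nonce] = (device_id, time.time() if now is None else now)
    return nonce

def sign_capture(device_id, nonce, frame, key):
    """Tag the trusted capture component computes over the real frame."""
    msg = b"|".join([device_id.encode(), nonce.encode(),
                     hashlib.sha256(frame).digest()])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify_capture(device_id, nonce, frame, tag, now=None):
    """Return (accepted, reason); runs before any face matching."""
    now = time.time() if now is None else now
    issued = _challenges.pop(nonce, None)   # single use, so replays fail
    if issued is None:
        return False, "unknown_or_reused_nonce"
    if issued[0] != device_id:
        return False, "nonce_device_mismatch"
    if now - issued[1] > CHALLENGE_TTL:
        return False, "challenge_expired"
    key = DEVICE_KEYS.get(device_id)
    if key is None:
        return False, "unknown_device"
    expected = sign_capture(device_id, nonce, frame, key)
    if not hmac.compare_digest(expected, tag):
        return False, "frame_not_bound_to_capture"
    return True, "ok"

def demo():
    """Genuine capture, replay, substituted frame, stale challenge."""
    dev, key = "device-01", DEVICE_KEYS["device-01"]
    real, fake = b"constructed-camera-frame", b"constructed-substituted-frame"
    n1 = issue_challenge(dev, now=0)
    t1 = sign_capture(dev, n1, real, key)
    out = [verify_capture(dev, n1, real, t1, now=5),
           verify_capture(dev, n1, real, t1, now=6)]
    n2 = issue_challenge(dev, now=10)
    out.append(verify_capture(dev, n2, fake, sign_capture(dev, n2, real, key), now=12))
    n3 = issue_challenge(dev, now=20)
    out.append(verify_capture(dev, n3, real, sign_capture(dev, n3, real, key), now=60))
    return out
```

This check only establishes that the frame came through the trusted capture path for this session; a deepfake shown to a real camera still has to be caught by presentation attack detection.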
Fighting Against Deepfake Threats
In general, many technologies are available to counter deepfake in Presentation Attacks and Injection Attacks, such as deepfake detection technology and multi-factor authentication. However, increasingly sophisticated deepfake technology requires more robust security layers in verification systems.
One example is VIDA verification, which is equipped with Deepfake Shield. Some of its advantages include:
1. Presentation Attack Detection (PAD): This feature detects Presentation Attacks in the verification system with Passive Liveness and Morphing Detection.
2. Injection Attack Security: A system to ensure no malicious code or commands are injected into the verification system.
3. Image Quality Feedback: Users receive real-time feedback on image quality when performing biometric verification.
Ensure your company's data security is not compromised by deepfake successfully passing through biometric verification processes!
For more information on how VIDA can help secure your digital identity, visit https://vida.id/sales.