- Deepfake Injection Attacks bypass Cameras and Deceive Video Verification of the software
- Face exchanges and motion reconstructions transform stolen images into convincing depth making
- Managed detection services can identify suspicious models before attacks are successful
Digital communication platforms are increasingly vulnerable to sophisticated attacks that exploit advanced artificial intelligence.
An IPROOV report reveals a specialized tool capable of injecting depths generated by AI directly into iOS video calls, which raises concerns concerning the reliability of existing security measures.
The discovery reveals at what speed the AI tools are suitable for fraud and identity theft, while exposing gaps in current verification systems.
A sophisticated method to bypass verification
The iOS video injection tool, suspected of having Chinese origins, target iOS 15 jailbreake and more recent devices.
The attackers connect an iPhone compromised to a remote server, bypass their physical camera and inject synthetic video flows into active calls.
This approach allows fraudsters to identify legitimate users or build fully manufactured identities that can pass low security checks.
Using techniques such as facial exchanges and motion reconstructions, the method transforms stolen images or static photos on realistic video.
This moves the identity fraud of isolated incidents to industrial -scale operations.
The attack also undermines the verification processes by using vulnerabilities in the operating system rather than camera -based checks.
Frauders no longer need to deceive the objective, they can directly deceive the software.
This makes traditional anti-usurpation systems, in particular those lacking in biometric guarantees, less effective.
“The discovery of this IOS tool marks a breakthrough in identity fraud and confirms the trend of industrialized attacks,” said Andrew Newell, scientific director of IPROOV.
“The suspected origin of the tool is particularly worrying and proves that it is essential to use a liveliness detection capacity which can adapt quickly.”
“To fight against these advanced threats, organizations need multilayer cybersecurity controls enlightened by the intelligence of real threats, combined with scientific biometrics and a capacity for detecting liveliness which can quickly adapt to ensure that a user is the right person, a real person, authenticating in real time.”
How to stay safe
- Confirm the right person by matching the identity presented to the registration or official confidence databases.
- Check a real person using integrated images and metadata to detect malware or synthetic environments.
- Make sure that the verification is in real time with methods of response to the passive response to prevent rereading or delayed attacks.
- Deploy the managed detection services that combine advanced technologies with human expertise for active surveillance.
- Quickly respond to incidents using specialized retro-engineers skills and strengthen future defenses.
- Incorporate advanced biometric checks informed by active threats to improve the detection and prevention of fraud.
- Install the best antivirus software to block malware that could allow a compromise or exploitation of the devices.
- Maintain strong protection of ransomware to protect sensitive data from secondary or support cyber attacks.
- Stay informed of the evolution of AI tools to anticipate and adapt to emerging injection methods.
- Prepare for scenarios where video verification cannot guarantee security against sophisticated identity fraud.
