Injection attacks are an increasingly common and extremely dangerous threat vector that insert false data to fool an identity verification system. Most identity verification products are vulnerable, so organizations need to know what they are and how to defend against them. This article explains everything you need to know about injection attacks in the context of identity verification, including:
- What is a digital injection attack?
- How do injection attacks work?
- Why are digital injection attacks dangerous?
- What are deepfakes, anyway?
- How to stop injection attacks
- The differences between injection attacks and presentation attacks
What is a Digital Injection Attack?
A digital injection attack is when someone “injects” false data into the stream of information received by an identity verification (IDV) platform. Attackers employ emulators, virtual cameras, and other techniques to convince the system that it’s receiving trustworthy data.
Digital injection attacks usually involve circumventing a device’s camera, microphone, or fingerprint sensor to inject false images or biometrics. Attackers may also inject false location and other data in order to exceed the IDV software’s risk threshold.
Injection attacks are extremely difficult to detect because, if successful, the IDV system believes that it’s receiving trusted data. Most IDV products can be fooled by injection attacks, but they can be stopped, and Nametag is the only provider to do so effectively.
How Do Injection Attacks Work?
Injection attacks exploit critical security gaps in many identity verification software products. Identity verification providers that rely solely on liveness detection via video captures, for example, are vulnerable to injection attacks that bypass the camera entirely. Products that allow users to upload files in place of live captures also allow bad actors to upload photoshopped or deepfake documents and photos. Providers that let users take photos with their webcams, or allow users to complete verification through a web browser, can be circumvented or exploited.
Uploading fake documents: Verification flows that allow users to upload images stored on their computer or mobile device can be exploited by attackers using AI deepfakes which have become good enough to trick consumer KYC providers.
Emulating webcams: Verification flows that allow people to use their laptop or desktop webcam can be exploited by connecting a third-party data source that presents itself as a webcam, but is actually a feed for deepfake video.
Hacking web browsers: Most web browsers expose the flow of data between the browser and a server. Browser-based verification flows can be easily manipulated to send false data or documents in a way that’s virtually impossible to detect.
Why Are Digital Injection Attacks Dangerous?
The reason injection attacks and deepfakes are so dangerous is that most identity verification products are inherently vulnerable to injection attacks because of the way they’re built. Nametag’s unique security model allows us to prevent injection attacks in the first place, thus forcing attackers to attempt easier-to-defend presentation attacks.
Digital injection attacks increased 255% in 2023, according to research by iProov. Injection attacks are now 5 times more common than presentation attacks, according to iProov, though the latter remains a critical and often-overlooked attack vector.
Injection attacks are extremely difficult to detect on their own. Even more worryingly, they’re now being used in combination with AI-generated documents, photos, and biometrics. In early February, a Hong Kong company lost $25 million to a sophisticated attack that involved injecting deepfake video feeds into a live video call.
Other identity verification products try to detect injection attacks, and often fail; Nametag prevents injection attacks by eliminating the threat vector entirely.
The Hong Kong story is just the beginning: 29% of businesses already reported being hit by deepfake video fraud in 2022, even before generative AI tools got good enough to fool both human and software observers. More recently, Onfido reported a 3,000% increase in deepfake attacks in 2023.
Sidebar: What are “Deepfakes”, Anyway?
Much of the discussion around presentation and injection attacks focuses on the use of “deepfakes”. But what are deepfakes, anyway?
A deepfake is an artificial image, video, or audio clip, that has been created using a type of artificial intelligence (AI) called deep learning (“deepfake” = deep learning + fake).
“The images are so good that 404 Media was able to get past the KYC measures of OKX, a cryptocurrency exchange that uses the third-party verification service Jumio to verify its customers’ documents.” – Decrypt.co, People Are Using Basic AI to Bypass KYC —But Should You?, 4 February 2024
Deepfakes have exploded in popularity among attackers in recent years, thanks to the rapid proliferation of widely-available generative AI tools. For example, it’s now trivial to create seemingly-real videos of a victim smiling, frowning, or performing other facial expressions, using only a few images gathered from the web.
Deepfakes are an increasingly popular tool used in presentation attacks and injection attacks. Attackers present deepfake ID documents to fool KYC processes, or inject deepfaked photos and videos to spoof facial biometrics systems.
How to Stop Injection Attacks
Injection attacks are particularly dangerous because they trick identity verification systems into believing that it’s receiving trusted data. They require a greater level of sophistication than presentation attacks, but are consequently harder to detect.
The key to stopping injection attacks is to ensure trustworthy data is delivered to the system—for example, to not allow digitally altered images or documents to be introduced in the first place. Nametag takes a unique approach that leverages the security and cryptography of modern smartphones and mobile apps to do just this.
Apple and Android use cryptographic signatures to establish a chain of trust between a device, its operating system, and the apps it runs. These signatures are virtually impossible to spoof, because they’re backed by the extremely high security of Apple and Android themselves. Because Nametag exclusively pivots users to their mobile devices, we can leverage these platform-specific security measures to check whether:
- The hardware of the device itself is genuine
- The device’s operating system is genuine
- The Nametag app (Android Instant App, Apple App Clip, or full app) is genuine
In this way, we verify that the data we receive is coming from the user’s actual device camera and sensors. A user can only send data to Nametag (ID document photos, selfie photos, etc.) through their device’s actual camera and sensors. In other words, we don’t give attackers the chance to introduce false data in the first place.
With Nametag, an attacker who wants to use deepfake IDs or face-swap selfies must hold up another device in front of the camera that’s displaying the false information, or take a photo of a printed-out photo: presentation attacks that we can easily detect.
Identity verification products with in-browser or laptop/desktop-based user flows, such as consumer KYC providers, can’t provide this same level of assurance. In fact, Nametag is the first and only identity verification solution to leverage mobile app security and cryptography to shut down injection attack vectors.
Put simply: other identity verification products try to detect injection attacks, and often fail; Nametag prevents injection attacks by eliminating the threat vector entirely.
Injection Attacks vs. Presentation Attacks
There are two types of attacks that threaten identity verification software: presentation and injection attacks. Presentation attacks use the software’s prescribed capture process but provide false information, while injection attacks circumvent or trick the process in order to provide falsified data.
Presentation attacks typically use a physical fake document, such as holding up a printed-out selfie photo, while injection attacks are more likely to use digitally-manipulated images.
Presentation attacks on facial recognition systems take many forms:
- Fake documents: An attacker presents a false ID document or photo directly to the camera. They might alter the document (e.g. pasting their own photo onto a driver’s license or passport), take a photo of a printed-out ID card or selfie, or hold up another device that’s showing a photo of an ID or selfie.
- Face swaps: 2023 saw a 704% increase in “face swap” attacks wherein an attacker uses software tools to combine traits of one face with another in order to spoof facial biometrics or liveness checks. Note that face swaps can be used in both presentation attacks and injection attacks.
- Hyper-realistic masks: Attackers occasionally even use hyper-realistic silicone masks to deceive facial recognition systems. These “Mission Impossible-style” attacks are rare, but have been used in numerous criminal cases.
KYC and identity verification platforms use Presentation Attack Detection (PAD) to defend against presentation attacks. PAD approaches use proprietary techniques to perform “liveness checks” on documents and selfies presented to the system. This can detect some presentation attacks, including screens and printed-out photos. However, some PAD interventions are vulnerable to injection attacks that utilize deepfakes and generative AI. For example, journalists were able to fool the KYC measures of a cryptocurrency exchange using ID documents created using generative AI.
What to Do Next
Worried about digital injection attacks on your identity verification processes? Consumer KYC and other products are vulnerable. Schedule time with our IDV experts to learn more about how Nametag is uniquely secure against injection attacks.