As governments and businesses continue to unlock new value and efficiency through digital services, one key challenge remains. Organisations need to be assured that the person on the other side of the screen is human and are who they claim to be. INTERPOL’s first-ever Global Crime Trend report estimates that over 70% of respondents, all from law enforcement expect crimes such as ransomware and phishing attacks to increase significantly in the next three to five years.
This renders traditional verification technologies such as one-time passwords, OTPs outdated and a security risk. Biometrics such as iris and retina offer a deeper method of verification but fall short in terms of liveness – they cannot bind a digital identity to a real-world individual in motion. In addition to this, the technology used to capture this biometric data may not always be as accessible or inclusive as required.
2022 saw dramatic changes in digital injection attacks. Criminals are now advancing across platforms, targeting mobile web, native Android, and native iOS via emulators. With the emergence and growth of sophisticated face swaps, low-skilled criminals now have the means to launch advanced attacks. Threat actors launched motion-based attacks simultaneously and at scale against hundreds of systems globally.
In the past year there has been a 149% increase in threat actors using emulators to attack mobile platforms. There has also been a 295% increase in novel face swaps. This is according to a new biometric threat intelligence report by iProov.
Gur Geva, Founder and CEO of iiDENTIFii, a premier partner of iProov in Africa, says, “Biometric attacks continue to grow in volume, intensity and sophistication. If we are to successfully combat these risks, we need to uncover and understand the anatomy of biometric attacks.”
Biometric security threats currently fall into two categories: presentation attacks and digital injection attacks. Presentation attacks refer to photos, videos or even masks being held up to a screen to fool the technology into mapping the features of the identity being defrauded. In the case of digital injection attacks, imagery is injected directly into the video stream, either through emulators, hacking tools, or virtual cameras.
Three types of synthetic injection attacks dominated the threat landscape in 2022: two-dimensional image face swaps, image-to-video deepfakes and video face swaps. The iProov report defines face swaps as a form of synthetic imagery created using two inputs where a criminal combines traits from one face, such as motion, with the appearance of another face to create a new synthetic 3D video output.
This results in a product that carries the person’s individual facial features so accurately that the imagery can match their government-issued identification photograph.
Click below to share this article