Novel face swaps emerge as a major threat to biometric security
Digital identities are rapidly becoming more widely used as organizations’ and governments’ digital transformation projects mature and users demand more remote accessibility for everything, from creating a bank account to applying for government services, according to iProov.
To support this transformation, many organizations have adopted biometric face verification, as it is widely recognized as offering the most user-friendly, secure, and inclusive authentication technology solution.
Yet, as biometric face verification gains traction and becomes more widely adopted, threat actors are targeting all systems with sophisticated online attacks. To achieve both user friendliness and security, organizations need to evaluate their biometric solutions for resilience in the face of these complex attacks.
Digital injection attacks are evolving
Digital injection attacks – where a malicious actor bypasses a camera feed to trick a system with synthetic imagery and video recordings – occurred five times more frequently than persistent presentation attacks (i.e., showing a photo or mask to a system) on web in 2022.
This is due to both the ease with which they can be automated and the rise in access to malware tools. More than three-quarters of malware available on the dark web is available for under $10 USD, and with the rise of malware-as-a-service and plug-and-play kits, just 2-3% of threat actors today are advanced coders.
Mobile platforms were also identified as increasingly vulnerable, with attacks now using software called emulators, which mimic the behavior of mobile devices. The report warns organizations against relying on device data for security, with a massive 149% increase in threat actors targeting mobile platforms in the second half of the year compared to the first.
“Our analysis shows that the online threat landscape is always rapidly evolving,” said Andrew Newell, Chief Scientific Officer at iProov. “The 149% increase in attacks using emulators posing as mobile devices is a good example of how attack vectors arrive and scale very quickly. We have seen a rapid proliferation of low-cost, easy-to-use tools that has allowed threat actors to…
