Digital Injections: An Imminent GenAI Threat to Liveness Detection

Digital Injections: An Imminent GenAI Threat to Liveness Detection

Sriram Raja
Sriram Raja

May 22, 2024

Sriram Raja
Sriram Raja

May 22, 2024

Liveness detection solutions are slowly becoming an integral part of digital identity verification by detecting fraudsters that attempt to use spoofing methods like deepfakes, stolen images or silicone masks and gain unauthorized access to an online application or service. 

Even though generative AI has had a positive impact across multiple industries, it comes with a set of some strong drawbacks in the financial sector. Fraudsters are increasingly leveraging GenAI to intercept and interfere with liveness detection solutions during the KYC process. This lets malicious actors enter the financial ecosystem, where they then wreak havoc by laundering money or committing other forms of financial crime. 

The simplest solution to prevent attempts at spoofing would be to capture live faces i.e. a real-time capture of a human performing some action or at the minimum an auto-capture. This in itself prevents a lot of deep fake attacks and images created by generative AI.

However, this solution is not foolproof and it is not complete. Simple capture-based liveness solutions can be taken down by digital injection attacks.  Digital injection attack incidents surged during 2022, with approximately five times more frequent and sophisticated incidents than current presentation attacks.

What are digital injection attacks?

Digital injections are highly sophisticated cyberattacks that bypass the source of an image/video capture (essentially the device) and directly feed false data into the data stream.  These injections are of such high quality that they ultimately deceive the biometric verification and liveness detection systems in place. 

How does it work? 

In the case of captures by a regular camera, the flow is: 

  1. App prompts user to take a selfie or a video
  2. User uses their phone app to take a selfie or a video
  3. App collects this selfie from the phones’ capture
  4. App uses facial recognition technology to look for features that indicate liveness 


In the case of a digital injection attack: 

  1. App prompts the user to take a selfie or a video
  2. User uses their phone app to take a selfie or a video
  3. App attempts to collect this from the phone 
  4. Hacker interferes with the selfie collection process and gives an artificially generated capture to the app
  5. App uses facial recognition to look for features that indicate liveness

The three common methods of digital injections: 

There are different ways of feeding a fake image or a fake person to the target application. 

1. Inject using a virtual camera

A fake camera app can be installed for Android 11 and below which misdirects all applications requiring a camera to capture photos through a fake camera that feeds fake photos rather than the live photo

Image source: “Remote ID Proofing - Good practices” - A Report by ENISA

2. Root the device and hook the camera API

On a rooted device, the hacker is able to identify the code that executes the camera API and then manipulate its input / output variables thereby the feed to the main application is now coming from a fake feed

Image source: “Remote ID Proofing - Good practices” - A Report by ENISA 

3. Intercept the traffic with a man-in-the-middle attack

The selfie image capture or the liveness evaluation result is tampered in the payload that the SDK sends to the server. The payload tampering marks all images as live or changes the default image

Image source: “Remote ID Proofing - Good practices” - A Report by ENISA 

4. Using a device emulator

In this case since the emulator is on another computing device like a laptop, there are multiple tools that moder emulators provide to make any of the above very simple

Image source: “Remote ID Proofing - Good practices” - A Report by ENISA 

Find the entire report by ENISA on 'Remote ID Proofing - Good Practices' here.

Bureau: Your most trusted liveness detection solution 

A completely rounded liveness detection solution requires a complete device guarding solution that helps with signals such as -

  1. Fake Camera Injection Detection
  2. Rooting Detection
  3. Hooking Detection
  4. MITM Attack Detection
  5. Emulator Detection

Bureau’s Behavioural AI and Device Intelligence technology combines the insights from the device signals mentioned above along with other behavioral insights like: 

  1. In the case of hacking or rooting, the hackers' selfie capture actions lack real sensor or accelerometer movement i.e. actual movement. The signal feels like typing detected but a selfie is taken!
  2. In the case of an emulator, one can observe a lot of static sensor data i.e. no physical movement is detected. 
  3. In the case of remote injections, even though the user has completed taking a selfie, the tap or touch size is almost zero - which is an anomaly. 

Choose Bureau for your fight against fraud 

You might also like

Learn More

See How Bureau Can Help Fight Fraud
Talk To Us