Everything you need to know about video injection attacks

Identity fraud is a scourge... a fact on which everyone agrees. And it's becoming easier and easier to carry out with the ubiquity of artificial intelligence, accessible to all. But how do fraudsters go about it? What are their various techniques for stealing a person's identity?

In our previous article, we looked at the technique of presentation attacks. Today, we invite you to discover another type of fraud, commonly known as "video injection attacks".

What is a video injection attack?

As we have seen, presentation attacks are defined by the presentation of an artifact in front of the camera to impersonate a person, such as a printed photo, a video or even a mask representing the face of the targeted person. But today's technologies are increasingly powerful and almost infallible in detecting this type of attack, making them almost obsolete.

As a result, fraudsters are turning to more elaborate ways of bypassing life detection technologies, such as video injection attacks.

How does a video injection attack work?

In practice, an injection attack is carried out by "injecting" a file into the capture system:

• either by replacing the physical camera with a virtual one (recognized as a camera by browsers and selectable from the list of cameras)

• or by modifying the camera stream in the browser code (via a hook).

This type of so-called sophisticated attack is nonetheless very simple to carry out, since physical cameras can be hijacked via applications or software available to everyone. What's more, the fraudster no longer even needs to steal a video of his target: any AI can create a deepfake video from a photo found on social networks, for example.

So what's the difference between a video injection attack and a deepfake?

The terms "deepfake" and "video injection attack" are often confused, and rightly so, since the majority of injection attacks are deepfakes. The difference lies in the fact that deepfake is simply a form of file used to spoof an identity, injecting it to bypass the system. An injection attack can be carried out with a real video of a real person, and conversely, a deepfake can be used for a presentation attack (broadcast on a tablet and presented to the camera, for example).

How to protect your users and your business against video injection attacks?

The spread of deepfakes combined with the simplicity of video injection is having catastrophic consequences. Chilling figure: video injection attacks increased by almost 300% in 2022! So how can we trust the digital world when identity theft is so easy?

There are several possible approaches to the detection of video injection attacks, which can be combined:

• Virtual camera detection.

• Real-time stream detection using a random active or passive "challenge-response" such as a movement requested of the user

• Detecting deep fakes using deep learning: algorithms learn to detect whether a video has been tampered with. 

Because identity fraud has terrible repercussions for the general public and businesses alike, it's becoming urgent to stay one step ahead and equip yourself with effective identity verification solutions. Find out the ultimate criteria for choosing your facial biometrics partner in our article.