iProov releases report on biometric attack trends

Tuesday 7 February 2023 12:17 CET | News

Biometric authentication and identity verification provider iProov has released a report that provides analysis and insights into attack trends facing biometric systems.


The iProov Biometric Threat Intelligence Report reveals the most recent attack trends on biometric verification systems and information on how they can be mitigated.

Report findings on the biometric threat landscape in 2023

Based on press release information, digital identities have been increasingly leveraged following organisations’ and governments’ digital transformation projects’ evolution, as well as users’ demand for remote accessibility for everything, from creating a bank account to applying for government services. Looking to support this transformation, a multitude of organisations have adopted biometric face verification, as it has wide recognition for providing the most user-friendly, secure, and inclusive authentication solution.

However, as biometric face verification gains traction and is more widely adopted, threat actors are targeting all systems with sophisticated online attacks. In order to achieve both user-friendliness and security, organisations should evaluate the resilience of their biometric solutions in the face of these complex attacks.

Digital injection attacks

Report findings highlight that digital injection attacks, where malicious actors bypass a camera feed to trick a system with either synthetic imagery or video recordings, have had a fivefold frequency increase in the online space throughout 2022 when compared to persistent presentation attacks, such as showing a photo or mask to a system. 

This is believed to be caused by the ease with which they can be automated, as well as the rise in access to malware tools. As over three-quarters of malware available on the dark web is purchasable for less than USD 10 and there is an increase in malware-as-a-service and plug-and-play kits, only 2-3% of current threat actors are advanced coders.

Biometric authentication and identity verification provider iProov has released a report that provides analysis and insights into attack trends facing biometric systems.

Additionally, mobile platforms have also been identified as being increasingly vulnerable, with attacks leveraging software known as emulators, which mimic the behaviour of mobile devices. Organisations are warned against relying on device data for security, as there has been a 149% increase in threat actors targeting mobile platforms in H2 2022 compared to H1.

Deepfake threats

Attacks that leverage deepfake technology have also increased in frequency in 2022. As per the announcement, the technology is debated and becoming mainstream and bans on its non-consensual use form an important part of the draft of the UK Online Safety Bill. Nowadays, cyber-attackers leverage it to create 3D videos that trick the systems into having the belief that the real consumer is aiming to authenticate.

What is more, in 2022 the use of novel face swaps arose, a new type of synthetic digital attack that combines existing video or live streams and superimposes another identity over the original feeds in real time. These attacks present challenges in being detected for both active and passive verification systems and following their emergence in H1 2022, novel face swaps increased by 295% in H2 2022.

The announcement details that motion-based attacks launched ‘en masse’ throughout the globe have occurred thrice a week, sending bursts of 100-200 verification attempts concomitantly to try and overwhelm platforms. The attacks targeted different systems simultaneously, irreverent of industry or geography, thus suggesting that no organisation is safe. Furthermore, motion-based verification systems that leverage motions such as smiling, nodding, and blinking, were frequently targeted.

As per press release information, the iProov Biometric Threat Intelligence 2023 report is informed by data from the iProov Security Operations Center (iSOC) and expert analysis.

More: Link

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: research, online fraud, biometrics, deep fake, identity fraud, identity verification, synthetic identity, emulators, cybercrime, biometric authentication
Categories: Fraud & Financial Crime
Companies: Iproov
Countries: World
This article is part of category

Fraud & Financial Crime


Discover all the Company news on Iproov and other articles related to Iproov in The Paypers News, Reports, and insights on the payments and fintech industry: