Injection Attack Detection

What are Injection Attacks?

As face liveness techniques have become increasingly sophisticated in repelling traditional presentation attacks (printed photos, 2D/3D masks, photo/video replay on screens, etc.), attackers have been compelled to evolve their tactics.

Injection attacks are a category of attacks that involve manipulating the biometric system to introduce genuine digital images of a subject, bypassing the biometric sensor (typically a camera in the case of facial biometrics). These attacks can target various components of the system:

  • Network Injection: Altering data transmitted between the client and server by modifying network messages.
  • Client Application Injection: Manipulating data exchanged between the client and server by modifying internal data payloads within web browsers or mobile apps.
  • OS Emulator and Emulated Camera Injection: Utilizing emulated environments to simulate camera input.
  • Virtual Camera Injection: Employing virtual camera software or browser extensions to feed digital images to the system.
  • Hardware-Based Injection: Utilizing customized or compromised hardware to bypass security measures.

Injected image data can originate from various sources, including:

Internet-Sourced Images: Images obtained from social media or other online platforms.

Live Streams: Real-time video feeds accessed through social engineering or other means.

Deepfakes : Digitally altered videos generated from existing images of the subject

A successful injection attack leverages one or more of these techniques to transmit a genuine image of the target to the server. This image, bypassing traditional liveness detection mechanisms, is accepted as authentic by the system unless additional safeguards against injection attacks are implemented.

A layered defense strategy is essential to mitigate the risk of injection attacks. This approach involves stacking multiple security measures to ensure comprehensive protection.

How to Prevent Injection Attacks

The strategies for preventing injection attacks vary depending on the attack

type and the configuration of the system (i.e. is it a mobile app, web app, etc.).

Traditional Methods and Their Limitations

Traditionally the mechanisms to prevent such attacks were to use “active” liveness checks that utilized a challenge/response protocol requiring a user to perform a random action such as a blink, nod, head turn, phone movement or light reflection to prove that they were real-time interactions with a human. However, attackers can now circumvent these measures by using social engineering to obtain real-time video feeds or employing deepfake technology to generate realistic video simulations of the active check. So, the challenge for modern systems is to detect image injections despite the advances that attackers have made.

Injection Attack Detection

Injection attack detection is a measure that from a security perspective should be enabled for all scenarios but like every AI algorithm it will have an associated error rate which could cause difficulties for genuine users depending on the device they are using. Daon’s advice is to apply both techniques where appropriate. Our customer success team can provide targeted advice and tuning for your particular use cases if required.

xFace Injection Attack Detection (IAD) supports injection attack detection for face capture. xFace provides support for virtual webcam detection, external devices, browser attacks, network attacks, 3D rendering, face morphing, face swap, cheap fake, deep fake, and more.

For steps on integrating xFace with your solution, see xFace Injection Attack Detection Integration.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
xFace Injection Attack Detection Integration
Edit on GitHub
On This Page
Injection Attack DetectionWhat are Injection Attacks?How to Prevent Injection AttacksTraditional Methods and Their LimitationsInjection Attack Detection