FB pixel

Exponential hacking of biometric authentication reveals some defenses already overwhelmed

Also, dark web tools for criminals spread
Exponential hacking of biometric authentication reveals some defenses already overwhelmed

“Motion-based is completely broken,” says Andrew Bud, founder and CEO, iProov, of biometric identity authentication where users are asked to perform actions to guarantee liveness for accessing services. His firm’s global monitoring center finds that attacks involving mobile phone emulators on desktops rose 149 percent and digital injection face swap attacks are up 295 percent. Those figures are for the second half of 2022 compared to the first half.

iProov’s Security Observation Centre (iSOC) is detected up to 200 injection attacks per day. But the evolution of digital injection attacks, where criminals feed images into an authentication process rather than attempt to trick the system by doing something in front of a camera, is proving even more concerning. iProov is detecting three cases a week where simultaneous attacks are launched on a global scale.

“We saw within 24-48 hours an Eastern European attacker invent a new attack method aimed mainly at motion-based liveness and just blitz the entire industry worldwide looking for any kind of system that would show vulnerability,” said Budd speaking at a Westminster eForum.

“And when they found systems that would show vulnerability, they would attack it.”

The digital injection attacks are no longer desktop web browser only, but happening on mobiles.

Also in 2022, iProov, which supplies biometric authentication to large-scale public services worldwide such as the NHS app for the UK public health service, detected a marked improvement in criminals’ ability to spoof metadata and in the quality of images used in attacks. Emulator use is rising in mobile web – across both Android and iOS.

The rise in face swap attacks show how the technology has become simple enough for lower-skilled criminals to use, who acquire tool kits on the dark web.

iProov’s iSOC observes what is happening with biometrics worldwide, says Budd. “Every single time a biometric authentication is made, it is triaged and searched for evidence of fraud,” says the CEO of the system whose process are subject to eIDAS audit.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News


Age verification comes to social media as age of unregulated use nears an end

If trends continue, social media is set to follow in the path of cigarettes: an activity benefitting early from lax…


AI can save UK govt £40B annually, transform public services: Blair Institute

AI will soon be used to pre-check applications for correct information, triage cases by calculating complexity and routing them appropriately,…


Papua New Guinea completes national data protection and governance policy

The Ministry of Information and Communications Technology has announced the completion of the national data protection and governance policy, marking…


Interpol issues call for biometrics firm to provide mobile data collection devices

Interpol has issued a tender for mobile ​​biometric collection (MBC) devices for collecting fingerprints and facial images. Specifically, the project…


ICE, CBP sued for details on migrant data sharing agreements

Digital rights advocacy group Access Now is suing the U.S. Customs and Border Protection (CBP) and Immigration and Customs Enforcement…


French travel minister joins UK lawmakers in floating EES postponement

The European Union’s biometrics-based travel scheme is raising concern in France with the local transport minister not excluding postponement. Minister…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events