
Fraud, evolved: Ingenium spotlights biometric injection attacks and IAD assurance

Allgrove puts emerging threat into context in EAB webinar

Biometric injection attacks are emerging as the key vulnerability in biometric remote identity verification and user authentication systems, making assurance that protections against them are effective vital to keeping organizations from being overwhelmed by fraud.

Ingenium Biometric Laboratories CTO Chris Allgrove explained the extent of this crisis and how the necessary assurance for injection attack detection technologies can be provided in the latest lunch talk from the European Association of Biometrics.

The EAB has been following the threat as it has emerged. Allgrove’s presentation on “Biometric injection attacks: Emerging threats and assurance” comes a year and a half after CLR Labs Director Kévin Carta presented the industry’s first international IAD standard in another lunch talk.

Biometric injection attacks as the current biometric security frontier

While “the initial security barrier is probably slightly higher,” injection attacks are scalable in a way that biometric presentation attacks are not, Allgrove notes.

Allgrove reviewed common injection attack methods, including software and hardware-based virtual cameras, external video capture cards, mobile device emulators and exploits of the app or operating system, and injection attack instruments, from replays to deepfakes.

The attack surface for injection attacks is anywhere between the biometric sensor and the orchestrator or integrator, or if one is not present, the biometric comparison component. That means the attack occurs in front of the app, within the app or after it.

Remote identity verification is typically unsupervised and carried out for high-value transactions, and it is prone to injection attacks on either the biometric probe or the ID document submission portion of the process.

Allgrove describes presentation attack detection subsystems as “fairly mature at this point and effective these days.” In this context, injection attacks are the biometrics industry’s principal fear in 2026.

Apple products are prone to injection attacks, but most are carried out against Android devices, according to Allgrove.

These attacks are new, but they have increased in number very rapidly, supported by “a bunch of different online communities that specifically provide information around how to deliver these attacks,” Allgrove says, citing one with 45,000 users. These communities are helping to lower the barrier to carrying out these kinds of attacks.

Deepfake identity documents still tend to be detectable, Allgrove says, but they have already improved dramatically compared to just a couple of years ago.

Enter IAD

Injection attacks are not just a problem within the domain of biometrics, but also a cybersecurity problem.

Using the biometric data to detect injected data is what differentiates IAD from other measures, like penetration testing. That means IAD targets the injection attack instrument. As such, some injection attack defense mechanisms are also features of PAD subsystems.

To be robust, Allgrove says, the IAD system should have mechanisms to defend against both the methods and instruments used in biometric injection attacks.

To make sure they work, he says, IAD assurance is necessary. And the same evaluations that measure the success of IAD systems can also help to identify residual risk.

These kinds of insights are being codified in standards. But it will likely take almost another two years for ISO/IEC 25456 to become a mature standard, Allgrove says. In the meantime, the FIDO Alliance has added IAD requirements to its Biometric Component Certification (BCC) program, and the UK is developing guidance on testing IAD for the DIATF.

Allgrove summarized the CEN TS 18099 standard that is informing the ISO standard, and the principles that should inform evaluations to make them practically valuable. He also emphasized that bespoke and threat-driven tests can provide additional assurance of the protection of biometric systems against injection attacks.

The assurance provided by IAD evaluations fades over time, though, Allgrove points out, in the context of a rapidly evolving threat landscape. That means that to be fit for purpose, IAD effectiveness testing needs to be repeated regularly.

And testing should not just be repeated, but effective. Tests should reflect real-world attacks, and therefore must go beyond a checklist, or a “desk-based review.”
