Singapore – iProov’s threat intelligence team has uncovered a new video injection tool designed to conduct advanced deepfake attacks, representing a significant development in digital identity fraud.
The tool operates on jailbroken iOS 15 or later devices, removing native Apple security restrictions and enabling deep system modifications. It is engineered to bypass weaker biometric verification systems and, in some cases, exploit identity verification processes with no biometric safeguards.
The attack is executed in several stages. First, the attacker uses a jailbroken iOS device to remove built-in protections. A remote presentation transfer mechanism (RPTM) server is then employed to connect the attacker’s computer to the compromised device.
From there, sophisticated deepfakes—created using generative AI—are injected directly into the device’s video stream. This process bypasses the physical camera, tricking applications into accepting fraudulent video as live footage. The injected deepfakes may include face swaps or motion re-enactments, enabling attackers to impersonate legitimate users or construct synthetic identities.
“The tool’s suspected origin is especially concerning and proves that it is essential to use a liveness detection capability that can rapidly adapt,” Andrew Newell, chief scientific officer at iProov, explained.
He added, “To combat these advanced threats, organisations need multi-layered cybersecurity controls informed by real-world threat intelligence, combined with science-based biometrics and a real-time detection capability that can rapidly adapt to verify a user’s identity.”
Video injection attacks demonstrate the limitations of traditional identity verification approaches. To address this threat, organisations are urged to implement a multi-layered defence that confirms a user’s identity against official records, verifies that the individual is a real human through imagery and metadata analysis, and ensures the interaction is happening in real time to prevent replay attacks.
Alongside these measures, combining advanced technologies with expert monitoring, incident response, and proactive threat analysis strengthens resilience against sophisticated attacks.
By implementing multiple safeguards simultaneously, organisations can make it significantly more challenging for attackers to compromise identity verification systems, even when using advanced tools such as video injection deepfakes.