Back to identity glossary

Injection attack

In the context of identity verification and fraud, an injection attack is when a fraudster bypasses a device's physical camera and injects a fake image or video directly into the verification data stream.

Rather than pointing a camera at a photo or screen (which is a presentation attack), the fraudster manipulates the digital capture process itself so the system believes it's receiving a live camera feed when it's actually receiving AI-generated or stolen content.

The CEN/TS 18099 standard establishes the first framework for the effectiveness of injection attack detection (IAD). It focuses on detection capabilities for uncovering:

  • Injection attack methods (IAMs), or how the attack injects content. Examples include using a virtual camera, a mobile device emulator, and function hooking.

  • Injection attack instruments (IAIs), or what the attacker is injecting. Examples include deepfakes, synthetic content, and stolen images or videos from identity theft victims.

Persona combines IAD with image and population-level analysis to capture injection attacks, deepfakes, and bots. You can read more about the multi-layered approach in this two-pager.

Frequently asked questions

How do fraudsters get content to inject?

Toggle description visibility

Fraudsters might steal, buy, or create images and videos that they inject into verification streams. For example, they might use GenAI tools to create synthetic faces. Or, set up fake websites that trick people into submitting selfies and ID photos.

How do you detect injection attacks?

Toggle description visibility

A strong injection attack defense layers different methods to detect various injection attack methods (e.g., virtual camera or function hooking) and injection attack instruments (e.g., deepfakes or stolen selfies). These could include: capture integrity, media forensics, liveness detection, device/session signals, and backend pattern analysis.