In the context of identity verification and fraud, an injection attack is when a fraudster bypasses a device's physical camera and injects a fake image or video directly into the verification data stream.
Rather than pointing a camera at a photo or screen (which is a presentation attack), the fraudster manipulates the digital capture process itself so the system believes it's receiving a live camera feed when it's actually receiving AI-generated or stolen content.
The CEN/TS 18099 standard establishes the first framework for evaluating the effectiveness of injection attack detection (IAD). It focuses on detection capabilities for uncovering:
Injection attack methods (IAMs), or how the attack injects content. Examples include using a virtual camera, a mobile device emulator, and function hooking.
Injection attack instruments (IAIs), or what the attacker is injecting. Examples include deepfakes, synthetic content, and stolen images or videos from identity theft victims.
Persona combines IAD with image and population-level analysis to capture injection attacks, deepfakes, and bots.