iProov, the provider of “science-based” biometric identity verification solutions, announced that an attack scenario demonstrated by the iProov in-house Red Team has been released by MITRE ATLAS, the global knowledge base advancing AI security, threat mitigation and privacy. The case study confirms a critical, high-risk vulnerability in the remote identity verification Know Your Customer (KYC) process, “exposing users worldwide.”
iProov’s contribution, which includes a “procedure overview, demonstrates how readily available face-swapped imagery injection attacks can evade mobile KYC.”
The case study places iProov alongside contributions from cybersecurity and technology professionals, “including Microsoft, NVIDIA, IBM, Intel, Cisco, Palo Alto Networks, Kaspersky, CrowdStrike, and Trend Micro, all working collaboratively to shape future defense tools and frameworks.”
This case study validates the critical importance for organizations to seek vendors that have “been tested against the recent European standard CEN 18099, which establishes rigorous testing protocols against injection attacks and represents a significant advancement in remote identity verification security standards.”
This validation by MITRE underscores “a critical security gap in the financial services, banking, and cryptocurrency sectors, where remote identity verification is mandatory for user onboarding and authentication.”
The research demonstrates why active liveness solutions are particularly vulnerable:
- Active liveness detection relies on analyzing image artifacts and user movement, which sophisticated AI-generated deepfakes can now convincingly replicate.
- Substituting a mobile device’s camera with a virtual camera application allows attackers to bypass device-level security controls.
The security exercise conducted by “the Head of iProov Red Team, Dr. Panos Papadopoulos, specifically targeted the crucial identity verification process known as Know Your Customer (KYC), commonly used by mobile applications in financial services, banking, and cryptocurrency.”
The attack procedure reportedly involved several different steps:
- Reconnaissance and Resource Development: iProov Red Team collected user identity information and high-definition facial images from online sources. They obtained Faceswap, a desktop application that uses generative AI to swap faces in a video in real time.
- Tool Acquisition: They then used Open Broadcaster Software (OBS) to stream a video. Crucially, they acquired Virtual Camera: Live Assist, an Android application that allows users to replace the device’s default camera feed with a video stream, and it operates successfully on genuine, non-rooted Android devices.
- Deepfake Generation: Using the gathered victim images, the Red Team used Faceswap to produce live deepfake videos that mimicked the victims’ appearances.
- Initial Access and Evasion: During the identity verification stage on a financial services application, the team streamed the deepfake video feed using OBS and the Virtual Camera app. This method successfully evaded the liveness system.
- Impersonation: This evasion allowed Dr. Panos Papadopoulos to authenticate under a fictitious identity, demonstrating that adversaries could gain access to a victim’s privileged systems or create fake accounts on banking or cryptocurrency apps, resulting in significant financial harm.
iProov’s contribution, released by MITRE ATLAS, provides “independent, third-party validation of vulnerabilities in mobile KYC identity verification systems.”
This research validates the importance of “moving beyond vulnerable non-compliant liveness.”
The recent European standard CEN 18099, which “establishes rigorous testing protocols for liveness detection, represents a significant advancement in biometric security standards.”
The work conducted by the iProov Red Team informs security analysts and AI developers “across industries about realistic threats to AI-enabled systems, enabling more informed threat assessments and effective internal red teaming.”
MITRE encourages collaboration across “government, industry, and academia to help shape future tool and framework developments in AI security, threat mitigation, privacy, and other aspects of AI assurance.”
As noted in the update, the MITRE ATLAS (Adversarial Threat Landscape for AI Systems) framework is a “globally accessible, living knowledge base of adversary tactics and techniques based on real-world attacks, modeled after the MITRE ATT&CK framework.”