A deepfake tool that could defeat weak facial biometric authentication systems was recently discovered by iProov, the company reported Wednesday.An unnamed threat group, suspected to be of Chinese origin, claims the tool can bypass the physical camera on jailbroken iPhones running iOS 15 or later iOS versions. The attack is reported to work on iPhones that have been altered to have “native Apple security restrictions removed,” according to iProov.The tool allows AI-generated deepfake videos to be injected directly into the device’s video stream, in place of a live camera feed, from the attacker’s computer. The mechanism through which the computer connects to the jailbroken iPhone’s video stream is described as a “Remote Presentation Transfer Mechanism,” or RPTM.Deepfakes, which use generative AI to create a realistic recreation of a person’s likeness, could involve superimposing an image of a person’s face onto an existing video, or creating a video using a static image of the victim.Bypassing the camera to display a deepfake video could be used to trick facial biometric systems on iOS apps that trust the iPhone camera to present an accurate live feed.“The discovery of this iOS tool marks a significant breakthrough in identity fraud and confirms the trend of industrialized attacks. The tool’s suspected origin is especially concerning and proves that it is essential to use a liveness detection capability that can rapidly adapt,” iProov Chief Scientific Officer Andrew Newell said in a statement.Liveness detection is designed to prevent attacks on biometric systems that attempt to use a prerecorded video of the victim, or deepfake videos, to complete authentication. More advanced liveness detection systems, such as those that use challenge-response mechanisms, could be more effective in thwarting replay attacks that hijack a device’s video feed.SC Media reached out Apple for comment on this reported misuse of jailbroken iPhones and did not receive a response.
Identity, AI/ML, Application security, Generative AI, IAM Technologies

Deepfake tool could defeat biometric authentication with jailbroken iPhone


Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



