By NHI Mgmt Group Editorial Team
Published 2025-12-16
Domain: Breaches & Incidents
Source: iProov

TL;DR: Readily available face-swapped imagery injection can evade mobile KYC liveness checks, creating a practical path to impersonation and fraudulent account access in financial services, banking, and cryptocurrency, according to iProov’s MITRE ATLAS case study. The finding underscores that identity verification now needs continuous, attack-aware controls, not static proof-of-presence tests.


At a glance

What this is: This is iProov’s analysis of how face-swapped imagery injection can bypass mobile KYC liveness verification and enable impersonation.

Why it matters: It matters because identity teams treating biometric onboarding as a one-time gate may miss a fast-evolving attack path that affects human identity, fraud controls, and downstream access governance.

👉 Read iProov's MITRE ATLAS case study on deepfake injection and mobile KYC


Context

Mobile KYC liveness verification is meant to prove that a real person is present during onboarding or authentication, but generative AI has made that assumption weaker. When face-swapped video, virtual camera apps, and readily available tooling can pass a liveness check, the control is no longer measuring the thing defenders think it is.

For IAM and fraud teams, the issue is not biometric novelty alone. It is that onboarding controls built around a single moment of proof now sit inside a broader identity lifecycle that includes account creation, privileged access, and ongoing assurance. Once that first gate fails, downstream trust can be built on a false identity foundation.


Key questions

Q: How should security teams harden mobile KYC against deepfake injection attacks?

A: They should combine liveness testing with camera integrity checks, device validation, and fraud telemetry. A single biometric score is not enough when attackers can substitute the video feed itself. The right goal is to verify the capture path, the device, and the identity signal together before granting trust.

Q: Why do facial verification controls fail when synthetic media is easy to generate?

A: They fail because many deployments assume the attacker will struggle to create convincing input or alter the camera stream. Generative AI and virtual camera tools reduce that cost. Once those assumptions break, the control measures presentation quality but not source authenticity, which leaves impersonation paths open.

Q: What should organisations measure to know if KYC liveness is actually working?

A: They should measure resistance to replay, face-swap, and camera-substitution attempts, not just pass rates in normal user sessions. If testing only covers honest users, the control can look effective while still failing under realistic attack conditions. Adversarial test coverage is the real indicator of assurance.

Q: Who is accountable when a fraudulent identity passes remote verification?

A: Accountability usually sits across fraud operations, identity governance, and the business owner that accepted the onboarding risk. If the verification control was not tested against realistic injection scenarios, the gap is procedural as well as technical. Governance teams should define who can approve exceptions and who owns remediation.


Technical breakdown

How face-swapped imagery injection defeats mobile KYC liveness

Liveness systems, whether active (the user performs a challenge such as a head turn) or passive (the engine analyses the captured frames), typically look for image artefacts, motion cues, and camera consistency to distinguish a live user from a replay or synthetic feed. The attack described here combines generative face swapping with a virtual camera application that replaces the device camera stream, so manipulated video enters the verification workflow as if it were legitimate sensor output. This is an injection attack rather than a classic presentation attack: nothing is held up to the lens, the feed is substituted behind it. The weak point is not just the model, but the assumption that camera input is trustworthy. Once the feed itself can be substituted on a non-rooted device, the liveness decision becomes a check on presentation rather than presence.

Practical implication: treat camera integrity and feed provenance as controls, not just biometric matching quality.

Why KYC assurance fails when deepfake tooling becomes low cost

The article’s core point is that attack economics have changed. Face-swapping software, screen broadcasting tools, and virtual camera apps are now easy to obtain and chain together, which lowers the barrier for impersonation attempts. That changes KYC from a single-control problem to a layered assurance problem that includes device validation, signal consistency, and fraud correlation. If a control assumes that synthetic content is rare or technically demanding, it will underperform in real-world onboarding where attackers can iterate quickly and cheaply.

Practical implication: build KYC assurance around multiple signals, not a single biometric verdict.
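One way to express "multiple signals, not a single biometric verdict" as a decision policy, written as an added example for this page (it is not iProov's SDK or the case study's code). It assumes a capture SDK that reports, per session, a face-match score, a liveness score, a device attestation verdict and a camera-source label; how a vendor produces those labels, in particular how it recognises a virtual camera, is outside the example. The names `Capture`, `KycPolicy` and the thresholds are illustrative. What it shows is the ordering a practitioner wants: provenance gates are evaluated before any biometric score, a missing provenance signal fails closed to manual review instead of auto-accepting, the same device enrolling many identities is correlated as a fraud signal, and only then do the biometric thresholds apply.

```python
"""Layered KYC decision: provenance gates before biometric scores.

Added example, not iProov's code. Labels such as camera_source are assumed to
come from the capture SDK; this policy only consumes them.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Tuple

@dataclass(frozen=True)
class Capture:
    session_id: str
    identity_ref: str            # applicant identifier being proofed
    device_id: str               # stable device identifier from attestation
    face_match: float            # 0..1, similarity to the ID document photo
    liveness: float              # 0..1, engine confidence that the user is live
    device_attestation: str      # "pass" | "fail" | "unavailable"
    camera_source: str           # "hardware" | "virtual" | "unknown"

FACE_MATCH_MIN = 0.85           # illustrative thresholds, not vendor defaults
LIVENESS_MIN = 0.80
MAX_IDENTITIES_PER_DEVICE = 2   # illustrative fraud-correlation threshold

class KycPolicy:
    def __init__(self):
        # device_id -> distinct identities proofed on it (in-memory window;
        # a real deployment would back this with fraud telemetry storage)
        self._identities_by_device = defaultdict(set)

    def decide(self, c: Capture) -> Tuple[str, str]:
        """Return (outcome, reason); outcome is accept | refer | reject."""
        # 1. Provenance gates first. A substituted feed or failed attestation
        #    is a reject; a missing signal fails closed to manual review.
        if c.camera_source == "virtual" or c.device_attestation == "fail":
            return "reject", "capture path not trustworthy"
        if c.camera_source != "hardware" or c.device_attestation != "pass":
            return "refer", "provenance signal missing"
        # 2. Fraud correlation: one device vouching for many identities.
        seen = self._identities_by_device[c.device_id]
        seen.add(c.identity_ref)
        if len(seen) > MAX_IDENTITIES_PER_DEVICE:
            return "refer", f"device used for {len(seen)} identities"
        # 3. Only now do the biometric scores count. Note that no score,
        #    however high, can reach this point past a failed gate.
        if c.liveness < LIVENESS_MIN:
            return "reject", "liveness below threshold"
        if c.face_match < FACE_MATCH_MIN:
            return "reject", "face match below threshold"
        return "accept", "all signals consistent"

def run_constructed_scenarios():
    """Constructed sessions (not real data) run through one policy instance."""
    policy = KycPolicy()
    sessions = [
        Capture("s1", "alice", "dev-A", 0.96, 0.91, "pass", "hardware"),  # honest user
        Capture("s2", "bob",   "dev-B", 0.97, 0.94, "pass", "virtual"),   # face swap via virtual camera, non-rooted device
        Capture("s3", "carol", "dev-C", 0.98, 0.95, "pass", "unknown"),   # provenance missing, fail closed
        Capture("s4", "dave",  "dev-D", 0.90, 0.88, "pass", "hardware"),
        Capture("s5", "erin",  "dev-D", 0.92, 0.89, "pass", "hardware"),
        Capture("s6", "frank", "dev-D", 0.93, 0.90, "pass", "hardware"),  # third identity on dev-D
        Capture("s7", "grace", "dev-E", 0.70, 0.92, "pass", "hardware"),  # genuine feed, poor document match
    ]
    return {c.session_id: policy.decide(c)[0] for c in sessions}

if __name__ == "__main__":
    for sid, outcome in run_constructed_scenarios().items():
        print(sid, outcome)
```

Session s2 is the case the page describes: both biometric scores are excellent and the device is not rooted, yet the session is rejected because the camera-source gate never lets the scores count. Session s3 is the quieter failure mode worth designing for: when the SDK cannot say where the frames came from, the policy refers rather than accepts.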

CEN 18099 and the move toward testable liveness controls

The article points to CEN 18099 as a standard that brings more rigorous testing discipline to injection resistance in remote identity verification. That matters because many biometric programmes rely on vendor claims without measuring how systems behave under realistic injection attempts. Standards-driven testing creates a way to compare whether liveness controls can withstand synthetic media, camera substitution, and presentation attacks. For identity leaders, the architectural question is not whether a solution uses biometrics, but whether the assurance model can survive adversarial input at the capture layer.

Practical implication: require evidence of injection testing before treating liveness as a compensating control.
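The point made in the "What should organisations measure" answer and again here, that pass rate on honest users is not evidence of injection resistance, is easiest to see in numbers. The block below is an added example, not iProov's code or data and not a CEN 18099 procedure; it uses the ISO/IEC 30107-3 error-rate vocabulary (APCER, the share of attack sessions wrongly accepted, and BPCER, the share of honest sessions wrongly rejected) over a constructed session log. The attack labels and the two sample campaigns are constructed for illustration. It reports APCER per attack type, flags attack types the campaign never exercised, and refuses to call the control assured when any required attack type is untested.

```python
"""Adversarial test-coverage report for a liveness control.

Added example (not iProov's code, not real test data). Given a log of
verification sessions tagged as bona fide or as one attack type, it computes
ISO/IEC 30107-3 style error rates instead of a raw pass rate, and treats an
untested attack type as unknown risk rather than zero risk.
"""
from collections import defaultdict
from dataclasses import dataclass

# Attack classes the page names: replay, face swap, camera substitution.
REQUIRED_ATTACK_TYPES = ("replay", "face_swap", "virtual_camera")

@dataclass(frozen=True)
class Session:
    session_id: str
    kind: str        # "bona_fide" or one of REQUIRED_ATTACK_TYPES
    accepted: bool   # the liveness engine's final verdict

def error_rates(sessions):
    """Return (apcer_by_attack_type, bpcer, overall_pass_rate)."""
    attempts = defaultdict(int)
    accepted = defaultdict(int)
    for s in sessions:
        attempts[s.kind] += 1
        accepted[s.kind] += int(s.accepted)
    apcer = {k: accepted[k] / attempts[k] for k in attempts if k != "bona_fide"}
    bona = attempts["bona_fide"]
    bpcer = (bona - accepted["bona_fide"]) / bona if bona else None
    total = sum(attempts.values())
    pass_rate = sum(accepted.values()) / total if total else None
    return apcer, bpcer, pass_rate

def untested_attack_types(sessions, required=REQUIRED_ATTACK_TYPES):
    seen = {s.kind for s in sessions}
    return tuple(t for t in required if t not in seen)

def assurance_report(sessions, max_apcer, max_bpcer):
    """Decide whether a campaign supports treating liveness as a control.

    Fails when any measured attack type exceeds max_apcer, when BPCER exceeds
    max_bpcer, or when a required attack type was never tested at all.
    """
    apcer, bpcer, pass_rate = error_rates(sessions)
    missing = untested_attack_types(sessions)
    failing = {k: v for k, v in apcer.items() if v > max_apcer}
    ok = (not missing and not failing
          and bpcer is not None and bpcer <= max_bpcer)
    return {"ok": ok, "pass_rate": pass_rate, "bpcer": bpcer, "apcer": apcer,
            "untested": missing, "failing_attacks": failing}

def _expand(rows):
    """Turn (kind, attempts, accepted) triples into Session records."""
    out = []
    for kind, attempts, accepted_count in rows:
        for i in range(attempts):
            out.append(Session(f"{kind}-{i}", kind, i < accepted_count))
    return out

def constructed_sessions():
    """Constructed red-team campaign: honest users plus replay and face-swap
    attempts; virtual-camera substitution was never exercised."""
    return _expand([("bona_fide", 18, 16), ("replay", 4, 0), ("face_swap", 5, 4)])

def honest_only_sessions():
    """Constructed honest-user-only campaign: the 'looks effective' trap."""
    return _expand([("bona_fide", 20, 19)])

if __name__ == "__main__":
    for name, log in (("red-team", constructed_sessions()),
                      ("honest-only", honest_only_sessions())):
        print(name, assurance_report(log, max_apcer=0.05, max_bpcer=0.15))
```

The honest-only campaign reports a 95% pass rate and an empty APCER table, which is exactly the number a vendor slide would show; the report still returns `ok: False` because every required attack type is listed as untested. The red-team campaign has a worse pass rate but is the more useful result: it shows replay is handled and face swap is not, and it names the attack type (virtual camera) that still has no evidence at all.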


Threat narrative

Attacker objective: The attacker’s objective is to impersonate a legitimate user well enough to pass KYC and gain access to accounts or onboarding flows that should have been blocked.

  1. Entry begins when an attacker collects target identity images from public sources and prepares a face-swapped video stream for use in remote KYC.
  2. Escalation occurs when the attacker uses streaming software and a virtual camera application to inject manipulated footage into the identity verification flow and bypass liveness checks.
  3. Impact follows when the attacker is verified under the false identity, opening the path to fraudulent onboarding or privileged account access.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Mobile KYC is no longer a single-point trust decision. This case study shows that identity verification now faces a compound attack chain, not just a spoofed face. Once image source, video stream, and device camera can all be manipulated, the control is validating presentation quality rather than identity truth. Practitioners should read this as a warning that onboarding assurance must be treated as a layered trust problem, not a one-time biometric event.

Continuous verification is becoming more important than stronger capture alone. The article demonstrates that attack tooling can move faster than static liveness assumptions. That means fraud teams and IAM teams need to evaluate how identity confidence degrades after the first check, especially when the same identity can be reused for account opening, recovery, or step-up authentication. The practical conclusion is that trust established at capture must be revalidated across the lifecycle.

Attackers are exploiting the liveness trust gap, not just biometric weakness. The named concept here is the liveness trust gap: the distance between what a biometric system is designed to confirm and what an attacker can actually inject into the capture flow. When virtual camera substitution and face-swapped media are enough to pass, the failure is not only technical but governance-related. Identity leaders should recognise that assurance claims without injection resistance are structurally incomplete.

CEN 18099 matters because it turns biometric security into a testable assurance question. Standards are useful here not as compliance theatre, but as a way to force evidence against realistic attack methods. Organisations operating in regulated onboarding environments should treat verified resistance to presentation and injection attacks as a baseline expectation, not a premium feature. The practitioner takeaway is to anchor procurement and assurance reviews in adversarial testing evidence.

Fraud controls and IAM governance now intersect at the onboarding edge. A successful KYC bypass is not just a fraud event, it is an identity governance failure that can contaminate downstream access decisions. Once a fake identity is accepted, role assignment, recovery paths, and account privileges may all inherit that false trust. Security leaders should stop treating onboarding as isolated from IAM and instead evaluate it as the first control point in the identity lifecycle.

From our research:

  • Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
  • For a broader control lens, see 52 NHI Breaches Analysis for how identity failures cascade into real-world compromise.

What this signals

Liveness trust gap: organisations should treat biometric onboarding as an adversarial control surface, not a single verification event. As attack tooling gets cheaper, the security programme has to assume that image input, camera path, and device context can all be manipulated. That shifts investment from one-off accuracy tuning toward testable assurance evidence and stronger capture provenance.

With only 5.7% of organisations reporting full visibility into their service accounts, per the Ultimate Guide to NHIs, identity programmes are already weak on non-human assurance. The same governance blind spot that hides machine access also makes it easier to miss where false human identities can enter downstream access paths.

The next planning step is to align fraud, IAM, and application security around shared assurance metrics. Organisations that still assess onboarding only by pass rate are measuring convenience, not resilience. The better signal is whether the control resists realistic injection attempts and whether a failed identity can still influence recovery or privileged access flows.


For practitioners

  • Test liveness controls against injection attacks: Require red-team validation for face-swapped video, virtual camera substitution, and replay-style attacks before accepting a biometric onboarding flow as production-ready.
  • Validate camera and feed provenance: Add device integrity checks, camera-source validation, and telemetry correlation so a liveness verdict is not based only on the visible image stream.
  • Treat KYC as an identity lifecycle control: Connect onboarding assurance to recovery, privilege assignment, and account monitoring so a false acceptance does not become durable access.
  • Use standards evidence in procurement: Ask for documented testing against injection scenarios and compare controls using recognised standards such as CEN 18099 rather than marketing claims.

Key takeaways

  • Face-swapped video and virtual camera substitution turn mobile KYC into a test of feed integrity, not just facial similarity.
  • The practical risk is not abstract deepfake hype, it is fraudulent identity acceptance that can cascade into account creation and privileged access.
  • Organisations should require injection testing, device validation, and lifecycle-linked assurance before treating biometric onboarding as trustworthy.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-01 | Injection resistance matters when identity capture can be manipulated by synthetic media.
NIST CSF 2.0 | PR.AA-01 | Identity proofing and access assurance depend on resilient authentication and verification.
NIST SP 800-63 | SP 800-63A (Enrollment and Identity Proofing) | Digital identity proofing guidance is directly relevant to KYC and remote onboarding.

Validate capture and verification paths against adversarial input before trusting biometric onboarding.


Key terms

  • Liveness Verification: A biometric check intended to confirm that a real, live person is present during capture. In practice, it evaluates motion, image behaviour, or interaction signals, but it can fail if the camera feed or media source is manipulated before the verification engine sees it.
  • Presentation Attack: An attempt to fool a biometric system by presenting an artefact (a printed photo, a video replayed on a screen, a mask) to the capture device in place of a genuine live signal. The attack targets the sensor; a camera substitution or injection attack instead bypasses the sensor and feeds media directly into the capture pipeline. A system that only scores image quality may miss either, because it cannot tell where the frames came from.
  • Camera Substitution: The act of replacing a device’s normal camera feed with another video source, such as a virtual camera application. This defeats controls that assume the sensor is trustworthy and is especially dangerous when identity verification relies on live video input.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by iProov: Deepfake Injection Evades Mobile KYC Liveness Verification. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-12-16.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org