Intelligent CIO Africa Issue 76 | Page 58


Managing your network access to prevent biometric threat attacks using your personal image

As governments and businesses continue to unlock new value and efficiency through digital services , one key challenge remains . Organisations need to be assured that the person on the other side of the screen is human and are who they claim to be . INTERPOL ’ s firstever Global Crime Trend report estimates that over 70 % of respondents , all from law enforcement expect crimes such as ransomware and phishing attacks to increase significantly in the next three to five years .

This renders traditional verification technologies such as one-time passwords , OTPs outdated and a security risk . Biometrics such as iris and retina offer a deeper method of verification but fall short in terms of liveness – they cannot bind a digital identity to a real-world individual in motion . In addition to this , the technology used to capture this biometric data may not always be as accessible or inclusive as required .
2022 saw dramatic changes in digital injection attacks . Criminals are now
Gur Geva , Founder and CEO of iiDENTIFi advancing across platforms , targeting mobile web , native Android , and native iOS via emulators . With the emergence and growth of sophisticated face swaps , low-skilled criminals now have the means to launch advanced attacks . Threat actors launched motion-based attacks simultaneously and at scale against hundreds of systems globally .
In the past year there has been a 149 % increase in threat actors using emulators to attack mobile platforms . There has also been a 295 % increase in novel face swaps . This is according to a new biometric threat intelligence report by iProov .
Gur Geva , Founder and CEO of iiDENTIFii , a premier partner of iProov in Africa , says , “ Biometric attacks continue to grow in volume , intensity and sophistication . If we are to successfully combat these risks , we need to uncover and understand the anatomy of biometric attacks .”
Biometric security threats currently fall into two categories : presentation attacks and digital injection attacks . Presentation attacks refer to photos , videos or even masks being held up to a screen to fool the technology into mapping the features of the identity being defrauded . In the case of digital injection attacks , imagery is injected directly into the video stream , either through emulators , hacking tools , or virtual cameras .
Three types of synthetic injection attacks dominated the threat landscape in 2022 : two-dimensional image face swaps , imageto-video deepfakes and video face swaps . The iProov report defines face swaps as a form of synthetic imagery created using two inputs where a criminal combines traits from one face , such as motion , with the appearance of another face to create a new synthetic 3D video output .
This results in a product that carries the person ’ s individual facial features so accurately that the imagery can match their government-issued identification photograph . p
58 INTELLIGENTCIO AFRICA www . intelligentcio . com