Jun 1, 2025
Digital Injections: An Imminent GenAI Threat to Liveness Detection
Fraudsters are increasingly leveraging GenAI to intercept and interfere with liveness detection solutions during the KYC process. This lets malicious actors enter the financial ecosystem, where they then wreak havoc by laundering money or committing other forms of financial crime. One such GenAI threat is the use of digital injections.
Sriram Raja



Liveness detection solutions are slowly becoming an integral part of digital identity verification. They detect fraudsters who attempt to use spoofing methods such as deepfakes, stolen images or silicone masks to gain unauthorized access to an online application or service.
Even though generative AI has had a positive impact across multiple industries, it comes with some serious drawbacks in the financial sector. Fraudsters are increasingly leveraging GenAI to intercept and interfere with liveness detection solutions during the KYC process. This lets malicious actors enter the financial ecosystem, where they then wreak havoc by laundering money or committing other forms of financial crime.
The simplest way to prevent spoofing attempts would be to capture live faces, i.e. a real-time capture of a human performing some action or, at the minimum, an auto-capture. This in itself prevents a lot of deepfake attacks and images created by generative AI.
However, this solution is neither foolproof nor complete. Simple capture-based liveness solutions can be defeated by digital injection attacks. Digital injection attack incidents surged during 2022, becoming approximately five times more frequent than current presentation attacks, and more sophisticated.
What are digital injection attacks?
Digital injections are highly sophisticated cyberattacks that bypass the source of an image/video capture (essentially the device) and directly feed false data into the data stream. These injections are of such high quality that they ultimately deceive the biometric verification and liveness detection systems in place.
How does it work?
In the case of a capture by a regular camera, the flow is:
1. App prompts the user to take a selfie or a video
2. User uses their phone app to take a selfie or a video
3. App collects this selfie from the phone's capture
4. App uses facial recognition technology to look for features that indicate liveness
In the case of a digital injection attack:
1. App prompts the user to take a selfie or a video
2. User uses their phone app to take a selfie or a video
3. App attempts to collect this from the phone
4. Hacker interferes with the selfie collection process and gives an artificially generated capture to the app
5. App uses facial recognition to look for features that indicate liveness
The three common methods of digital injections:
There are different ways of feeding a fake image or a fake person to the target application.
1. Inject using a virtual camera
On Android 11 and below, a fake camera app can be installed that redirects every application requesting the camera to a fake camera, which feeds fake photos rather than the live photo.

2. Root the device and hook the camera API
On a rooted device, the hacker is able to identify the code that executes the camera API and then manipulate its input/output variables, so that the feed reaching the main application comes from a fake source.

3. Intercept the traffic with a man-in-the-middle attack
The selfie image capture or the liveness evaluation result is tampered with in the payload that the SDK sends to the server. The payload tampering marks all images as live or changes the default image.

4. Using a device emulator
In this case, since the emulator runs on another computing device such as a laptop, modern emulators provide multiple tools that make any of the above very simple.
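A defensive check for method 3, as an added example that is not code from the article or from Bureau: the server issues a one-time nonce, the SDK returns a MAC over the image digest, the liveness verdict and that nonce, and the server rejects anything that does not verify. The field names, the `LivenessVerifier` class and the shared per-device key are assumptions for illustration; a key held on a rooted or hooked device can be extracted, so this covers tampering in transit only.

```python
import hashlib
import hmac
import json

def canonical(payload):
    """Stable byte encoding so client and server MAC the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()

def sign(key, payload):
    """What the SDK side would compute before sending (hypothetical helper)."""
    return hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()

class LivenessVerifier:
    """Server-side check of one liveness submission (hypothetical class)."""

    def __init__(self, key):
        self.key = key
        self.pending = set()  # nonces issued by the server and not yet used

    def issue_nonce(self, nonce):
        self.pending.add(nonce)

    def verify(self, payload, image_bytes, tag):
        # 1. Any edit to the verdict or the digest in transit breaks the MAC.
        if not hmac.compare_digest(sign(self.key, payload), tag):
            return "bad_mac"
        # 2. A captured, valid submission cannot be replayed later.
        if payload["nonce"] not in self.pending:
            return "unknown_or_replayed_nonce"
        # 3. The uploaded image must be the one the signed digest refers to.
        if hashlib.sha256(image_bytes).hexdigest() != payload["image_sha256"]:
            return "image_swapped"
        self.pending.discard(payload["nonce"])
        return "ok"

# Constructed sample values, not real keys or captures.
DEMO_KEY = b"constructed-demo-key"
DEMO_IMAGE = b"\xff\xd8constructed-selfie-bytes"
DEMO_PAYLOAD = {"nonce": "n-001", "live": False,
                "image_sha256": hashlib.sha256(DEMO_IMAGE).hexdigest()}

if __name__ == "__main__":
    server = LivenessVerifier(DEMO_KEY)
    server.issue_nonce("n-001")
    forged = dict(DEMO_PAYLOAD, live=True)  # verdict flipped in transit
    print(server.verify(forged, DEMO_IMAGE, sign(DEMO_KEY, DEMO_PAYLOAD)))
```

A server that recomputes the liveness verdict from the image itself does not need to trust the `live` field at all; the MAC then only protects the image and the nonce.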

Find the entire report by ENISA on 'Remote ID Proofing - Good Practices' here.
Bureau: Your most trusted liveness detection solution
A well-rounded liveness detection solution requires a complete device-guarding solution that provides signals such as:
Fake Camera Injection Detection
Rooting Detection
Hooking Detection
MITM Attack Detection
Emulator Detection
Bureau’s Behavioural AI and Device Intelligence technology combines the insights from the device signals mentioned above along with other behavioral insights like:
In the case of hacking or rooting, the hacker's selfie capture actions lack real sensor or accelerometer movement, i.e. actual movement. The signal looks as if typing was detected, yet a selfie was taken!
In the case of an emulator, one can observe a lot of static sensor data i.e. no physical movement is detected.
In the case of remote injections, even though the user has completed taking a selfie, the tap or touch size is almost zero - which is an anomaly.
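The three behavioural signals above, sketched as server-side detection logic over one capture session; this is an added example, not Bureau's implementation. The session field names, the thresholds and the sample sessions are all constructed assumptions.

```python
from statistics import pstdev

# Illustrative thresholds (assumptions, not values from the article or any vendor).
ACCEL_STD_MIN = 0.02    # m/s^2: a hand-held phone jitters more than this
TOUCH_SIZE_MIN = 0.01   # normalized contact area of the shutter tap

def accel_jitter(samples):
    """Largest per-axis standard deviation over (x, y, z) accelerometer samples."""
    if len(samples) < 2:
        return 0.0
    return max(pstdev(axis) for axis in zip(*samples))

def injection_signals(session):
    """Return the anomaly names raised for one selfie-capture session."""
    flags = []
    # Emulators and hooked feeds tend to report flat sensor data during capture.
    if accel_jitter(session.get("accel", [])) < ACCEL_STD_MIN:
        flags.append("static_sensors")
    # A real finger has a measurable contact area; a synthetic tap is near zero.
    if session.get("shutter_touch_size", 0.0) < TOUCH_SIZE_MIN:
        flags.append("near_zero_touch")
    # Keyboard activity while a selfie is supposedly being taken is inconsistent.
    if session.get("key_events", 0) > 0:
        flags.append("typing_during_capture")
    return flags

# Constructed sample sessions (not real telemetry).
HANDHELD = {"accel": [(0.12, 9.70, 0.31), (0.05, 9.84, 0.22),
                      (0.19, 9.77, 0.40), (0.08, 9.91, 0.27)],
            "shutter_touch_size": 0.18, "key_events": 0}
EMULATOR = {"accel": [(0.0, 9.81, 0.0)] * 4,
            "shutter_touch_size": 0.20, "key_events": 0}
REMOTE_INJECTION = {"accel": HANDHELD["accel"],
                    "shutter_touch_size": 0.0, "key_events": 0}
HOOKED = {"accel": [(0.0, 9.81, 0.0)] * 4,
          "shutter_touch_size": 0.0, "key_events": 3}

if __name__ == "__main__":
    for name, s in [("handheld", HANDHELD), ("emulator", EMULATOR),
                    ("remote", REMOTE_INJECTION), ("hooked", HOOKED)]:
        print(name, injection_signals(s))
```

Each flag is weak evidence on its own (a phone resting on a stand also reads as static), so the flags are best combined with the device signals listed earlier rather than used as a single pass/fail gate.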
© 2025 Bureau . All rights reserved. Privacy Policy. Terms of Service.