September 17, 2025

The threat intelligence team at iProov, the world’s leading provider of science-based biometric identity verification solutions, has uncovered a highly specialized tool designed to perform advanced video injection attacks, marking a significant escalation in digital identity fraud. The tool is deployed via jailbroken iOS 15 or later devices and is engineered to bypass weak biometric verification systems—and crucially, to exploit identity verification processes that lack biometric safeguards altogether. This development signals a shift toward more programmatic and scalable attack methods.

The discovery is particularly significant given the tool’s suspected Chinese origins. It emerges amid heightened geopolitical tensions surrounding technological sovereignty and the security of digital supply chains. Governments are increasingly focused on mitigating risks posed by technology from non-allied nations, making the appearance of a sophisticated attack tool like this a matter of national security interest.

Digital injection attacks are sophisticated methods where malicious imagery is inserted directly into the video data stream rather than being presented to a camera. For this particular tool, the process unfolds in several stages:

How the iOS Video Injection Attack Works

  1. Prerequisite: The threat group claims that the attack utilizes a jailbroken iOS 15 or later device, which has had its native Apple security restrictions removed, allowing for deep system modifications.
  2. Connection: The attacker uses a Remote Presentation Transfer Mechanism (RPTM) server to connect their computer to the compromised iOS device.
  3. Injection: The tool then injects sophisticated deepfakes—a form of synthetic media created with generative AI—from the computer directly into the device’s video stream. These can include face swaps, where a victim’s face is superimposed over another video, or motion re-enactments, where a static image is animated using another person’s movements.
  4. Bypass: This process completely bypasses the physical camera, tricking an application on the device into believing the fraudulent video is a live, real-time feed.
  5. Deception: The deepfake is then injected into the application for identity verification, allowing the fraudster to potentially impersonate a legitimate user or create a synthetic identity.

“The discovery of this iOS tool marks a significant breakthrough in identity fraud and confirms the trend of industrialized attacks,” said Andrew Newell, Chief Scientific Officer at iProov. “The tool’s suspected origin is especially concerning and proves that it is essential to use a liveness detection capability that can rapidly adapt. To combat these advanced threats, organizations need multilayered cybersecurity controls informed by real-world threat intelligence—the kind analyzed by the iProov Security Operations Centre (iSOC)—combined with science-based biometrics and a liveness detection capability that can rapidly adapt to ensure a user is the right person, a real person, authenticating in real-time.”

A Multi-Layered Approach to Defense

The emergence of video injection attacks renders traditional identity verification methods insufficient. To combat this threat, organizations must implement a multi-layered defense approach that simultaneously confirms:

  • The Right Person: Matching the presented identity to official documents or databases to confirm the user is who they claim to be.
  • A Real Person: Using embedded imagery and metadata analysis to detect malicious media and verify that the user is a genuine human, not a physical or digital spoof.
  • In Real-Time: Employing a unique and passive challenge-response interaction to ensure the verification is happening live and is not a replay attack.
  • Managed Detection and Response: Combining advanced technologies with human expertise for ongoing monitoring, incident response, and proactive threat hunting. This includes leveraging specialized skills to reverse-engineer potential attack scenarios and build defenses to mitigate them.
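The "In Real-Time" layer above rests on a challenge that the attacker cannot know in advance. The following is an added illustration, not iProov's code, of the server side of such a check: it assumes the challenge is a random sequence of screen colours reflected off the user's face, that an analyser reports the reflected colour per frame (stand-in function here), and that each challenge is short-lived and single-use, so injected or pre-recorded footage made before the challenge existed cannot satisfy it and a captured response cannot be replayed.

```python
import secrets
from collections import Counter

# Hypothetical parameters for this illustration.
CHALLENGE_TTL_SECONDS = 30
COLOURS = ("red", "green", "blue", "yellow", "cyan", "magenta")
SLOTS = 6  # number of colour flashes in one challenge


def extract_sequence(frames):
    """Constructed stand-in for video analysis: each frame carries the colour
    the analyser found reflected on the face. Frames are split evenly into
    SLOTS windows and the majority colour of each window is taken, so a few
    noisy frames do not break a genuine capture."""
    if len(frames) < SLOTS:
        return ()
    per_slot = len(frames) // SLOTS
    return tuple(
        Counter(frames[i * per_slot:(i + 1) * per_slot]).most_common(1)[0][0]
        for i in range(SLOTS))


class LivenessChallenger:
    def __init__(self):
        self._pending = {}    # challenge_id -> (sequence, issued_at)
        self._consumed = set()

    def issue(self, now):
        """Create a fresh, unpredictable challenge bound to an issue time."""
        challenge_id = secrets.token_hex(16)
        sequence = tuple(secrets.choice(COLOURS) for _ in range(SLOTS))
        self._pending[challenge_id] = (sequence, now)
        return challenge_id, sequence

    def verify(self, challenge_id, frames, now):
        """Accept only a live capture of this exact challenge, once, in time."""
        if challenge_id in self._consumed:
            return False, "replay: challenge already consumed"
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False, "unknown challenge"
        # Every attempt consumes the challenge, including failed ones, so the
        # same challenge cannot be retried with different footage.
        self._consumed.add(challenge_id)
        sequence, issued_at = entry
        if now - issued_at > CHALLENGE_TTL_SECONDS:
            return False, "expired challenge"
        if extract_sequence(frames) != sequence:
            return False, "reflected sequence does not match challenge"
        return True, "ok"
```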

This multi-layered approach makes it exponentially more difficult for attackers to successfully spoof identity verification systems. Even advanced attacks struggle to simultaneously defeat all of these security measures while maintaining the natural characteristics of genuine human interaction.