A leading provider of science-based biometric identity verification solutions has discovered a new AI tool that elevates digital identity fraud to a higher level. iProov, the company behind the finding, believes that the tool, suspected to originate from China, employs a form of digital injection attack that can insert malicious imagery directly into an iPhone’s video data stream, overriding the camera’s view.
This sophisticated software makes identity fraud scalable rather than limited to isolated incidents. iProov emphasizes that the combination of these two factors elevates the discovery to a matter of national security interest.
Here’s how the attack operates, as explained by iProov:
- The user possesses a jailbroken iPhone running iOS 15 or later.
- The attacker utilizes a Remote Presentation Transfer Mechanism (RPTM) to connect their computer to the compromised iPhone.
- Deepfakes are injected into the iPhone’s video stream, which can include face swaps or motion reenactments.
- These deepfakes deceive the iPhone into perceiving the video as a live, real-time feed, bypassing the camera’s detection.
- The injected deepfake can then be used for identity verification, enabling the impersonation of a legitimate user or the creation of a synthetic identity.
How to Determine if Your iPhone is Jailbroken
Jailbreaking an iPhone removes Apple’s software restrictions, giving users root access to the operating system and allowing the installation of third-party apps not found on the App Store. While this can provide flexibility, it also poses security risks and potential system issues. If you acquired your iPhone new from a reputable source like Apple, a carrier, or a major retailer, it’s unlikely to be jailbroken unless intentionally modified. However, if you obtained your iPhone second-hand or had it serviced by a non-Apple entity, it’s crucial to verify its jailbreak status.
It’s important to note that a jailbroken iPhone differs from an unlocked one. While an unlocked iPhone permits the use of different carriers, jailbreaking compromises the device’s security and stability. To check whether a device is jailbroken, take the following steps:
- Search for alternative app stores such as Cydia, Sileo, or Zebra on the device.
- Review the “VPN & Device Management” and “VPN” sections in Settings for unfamiliar entries.
- Monitor app behavior for anomalies, as some applications may not function on jailbroken devices.
If a jailbreak is suspected, restoring the device to factory settings is recommended to remove the modification. Avoid restoring backups, as they may be compromised. Additionally, update critical passwords and remain cautious of potential security threats.
iProov warns that the new digital injection attack can be deployed on a large scale, necessitating advanced security measures. As AI-driven identity fraud evolves, users must remain vigilant and informed to protect their personal data. While Apple offers security features like encryption and Face ID, staying updated and maintaining privacy settings are crucial safeguards against emerging threats.