ResourcesInsightsIdentity & Fraud
Identity Verification · Injection Attacks

Your Liveness Check Is Trusting a Face That Was Never There

Liveness works only when a real camera captures a real person. Injection attacks skip the camera and send a deepfake straight into the verification flow. The new control is provenance: prove where the video came from, not just what the face looks like.

FINX Insights
5 min read
July 2026
Identity · Biometrics · Fraud
The Broken Assumption

Liveness detection assumes there's a camera. Attackers just removed it

Traditional liveness was built to stop a fake face shown to a real camera — a photo, a replay, or a mask.

Injection attacks change the game. Instead of fooling the lens, the attacker bypasses it and injects synthetic video straight into the verification flow.

To the verification engine, the session can still look perfect: the face blinks, turns, and follows prompts. But the source is software, not a person.

Presentation attacks fool the camera. Injection attacks remove it.

FINX Insights — Identity & Fraud series, 2026
By the Numbers

The tools got cheap, fast, and easy

What changed is access. Deepfake tools, virtual cameras, emulators, and SDK tampering are now cheap, fast, and easy to use.

Minutes
Time to generate a convincing face-swap deepfake from a single photo
Free
Virtual-camera & emulator tools that feed frames into any app
Sharp rise
Growth in injection attacks reported across identity providers
Passive
Liveness that only watches pixels is blind to an injected feed
0
Frames the real device camera actually captured in an injection attack
The Shift

From fooling the lens to bypassing it

Fraud moved from attacking the image to replacing the capture path. Better liveness helps against what the camera sees, not against a feed the camera never produced.

The Evolution of the Face-Spoofing Attack
Printed photo
Held to the lens
Screen replay
Photo/clip on a phone
3D mask
Defeats basic depth
Deepfake to camera
Screen of a live fake
Injected stream
No camera at all
Everything up to the last step is a presentation attack — fake content shown to a real camera. The injected stream is a different category: there is no camera in the loop to defend.

That is why "we already have liveness" is no longer enough. The control is looking at the face while the attack happens before the face ever reaches it.

Why It's Hard

Three reasons injection slips through defenses that look solid

Injection slips through because teams trust the wrong layer: the image looks clean, the motion looks natural, and every challenge can still be answered.

1
It bypasses the cameraA virtual camera, an emulator, a rooted device or an intercepted upload lets the attacker feed frames the physical sensor never captured. Pixel-only checks analyse an image that was never taken by a real device.
2
It defeats livenessA modern deepfake reproduces every cue passive liveness looks for — natural motion, texture, depth, micro-expressions. The very signals meant to prove a live human are exactly what the synthetic imagery manufactures on demand.
3
It scales industriallyOne working injection pipeline plus a list of stolen identities becomes thousands of fraudulent onboardings — synthetic identities, mule accounts, account-takeover — at a marginal cost close to zero.
Why they compoundBypass the camera and pixel liveness is moot; defeat liveness and challenge-response is moot; automate both and the attack runs at scale. Defending any one layer alone leaves the other two wide open.

The key question is no longer "is the face real?" but "did it come from a real camera on a real device?"

FINX Insights — Identity & Fraud series, 2026
The Mandate

What injection-resistant verification actually requires

Stopping injection requires more than a stronger model. It requires controls around the capture path: device integrity, virtual-camera detection, SDK hardening, session binding, and capture attestation.

Injection detectionActively identify virtual cameras, emulators, screen-mirroring, hooked APIs and tampered streams — the delivery mechanisms of an injected feed — not just the content of the frame.
Device & environment integrityVerify the capture is happening on a genuine, uncompromised device through a trusted app — a rooted phone or manipulated runtime is a red flag before a single frame is judged.
Capture attestationBind the images to the real camera at the moment of capture with a cryptographic signal, so the system can prove the frames came from that device's sensor — not from a file or a virtual source.
GenAI artifact analysisInspect for the tell-tale traces of synthetic generation — temporal inconsistencies, blending seams, frequency-domain artifacts — that survive even high-quality deepfakes.
Passive PAD — motion, texture & depthISO 30107-3-grade presentation-attack detection that infers a real, present 3D face from a minimal touchless capture — no head-turns or gestures — and flags the flatness and artifacts of a synthetic feed.
Signal sharing & auditFeed injection attempts into the wider fraud graph — device, network, identity reuse — so one caught attack strengthens defence across every future onboarding, with a full evidentiary trail.

In short, the trust boundary has moved. The goal is no longer just to judge the pixels, but to prove how those pixels were captured.

The Architecture Answer

Verification has to own the capture path, not just the image

If software can hand you a perfect face, the defense must verify how that face was captured and delivered before it ever reaches the biometric model.

Onboarding Attempt — Session #IV-7712 Injection defence · active
Face passes liveness. The submitted capture shows natural motion, texture and depth perfectly — every passive liveness signal is green.
00:00
⚠️
Capture path flagged. Frames are arriving from a virtual camera, not the physical sensor — no capture attestation, device runtime shows hooking.
00:00
⚠️
Synthetic artifacts found. Temporal blending seams consistent with a generative face-swap detected in the stream — corroborating the injection signal.
00:01
Blocked before scoring. Onboarding rejected on provenance, not appearance — and the device, network and identity signals pushed to the fraud graph.
00:01

A perfect face that never touched a real camera should fail — no matter how alive it looks.

FINX Insights — Identity & Fraud series, 2026

Teams that treat this only as a deepfake-detection problem will stay reactive. Teams that control the capture path can stop the session earlier and with more confidence.

Closing Perspective

The face was never the hard part. The camera was

For years, identity systems focused on one question: does the face match, and does it look alive? Generative AI made that test far easier to fake.

The durable answer is simple: prove the person, the device, and the capture path are real.

Biometric verification still matters — but only when it sits inside a capture flow you can trust.

Injection Attacks Deepfakes Liveness Detection Biometric Onboarding Device Integrity Synthetic Identity Identity Verification