For iProov, liveliness detection is the physical zero trust organizations need

“What we can do is very strongly authenticate the right person in the system, rather than just anybody who has that set of credentials or has that device and that set of credentials,” explained Dominic Forrest, Chief Technology Officer, iProov.

While there are many authentication methods available today, most organizations opt for multi factor authentication to verify users. Some authenticate via authentication apps while others still rely on biometric authentication, depending on the organization’s preference.

But even with the increasing security and authentication capabilities, organizations are still facing increasing cybersecurity risks. With cybercriminals now leveraging AI to launch more sophisticated cyberattacks, some authentication methods are not able to cope with the increased pressure.

The rise of deepfakes has already employees from companies around the world fall victim. Not only can these lead to financial losses for an organization, but such incidents can also compromise data and damage a company’s reputation.

According to an iProov study on deepfake, just 0.1% of people could accurately identify the deepfakes. iProov’s Threat Intelligence Report revealed that in 2024, iProov experienced unprecedented spikes in attack volumes. This includes incidents of native camera attacks surging, face swaps increasing, and the rise of digital injection attacks.

iProov belives this is not merely a gradual evolution as it represents a fundamental shift in the threat landscape that requires immediate attention. To combat the rising threat of deepfakes, organizations should look to adopt solutions that use advanced biometric technology with liveness detection.

Liveliness detection

In an interview with CRN Asia, Dominic Forrest, Chief Technology Officer at iProov explained how even simple deepfakes like face swaps can wreak havoc to individuals and enterprises.

“What I do is I take a single image of somebody, and I've overlaid it on my face real time. And that could be on a Teams call, or on a Zoom call, it could even be on an authentication session with my bank. Back in December 2020, you needed a PhD in computer vision or machine learning to do this. That all changed in 2024. These days, there are over 100 different pieces of software that do face swaps. We track over 100 different ways to inject that imagery and pretend to be a camera, whether it's on a mobile handset, or a webcam on a laptop. You've got over 100 different ways to create it. That's 10,000 different ways you can attack it with just face swaps,” said Forrest.

Fortunately, Forrest also explained how iProov is capable of helping organizations improve their authentications methods to avoid such scenarios. In fact, iProov’s Dynamic Liveness solution became the first facial biometric system certified by FIDO Alliance, achieving a 0% Imposter Attack Presentation Accept Rate and just 0.14% False Reject Rate after over 10,000 tests.

“How we defend against this is by making the war against the attacker completely unfair. And so, we've created what I would call information asymmetry. When somebody makes a deep fake against us, that imagery is going through tens of neural networks. We see all the outputs, all the input states, we learn vast amounts around that attack. And we can tell an awful lot. And they've got to break every single one of those neural networks at the same time. What they get back is a pass or fail. So, let's just imagine they were starting to make some progress, and maybe they found a way to break one or two of those, and they're only having 10 or 15 or 20 layers left. Well, we can see that. We can investigate it. We can stem from those defenders,” explained Forrest.

According to Forrest, iProov currently works with governments, financial institutions, and global enterprises by authentication and verifying is an the right person, a real person and they are authenticating right now. Through its Biometric Solutions Suite, iProov enables organizations to offer remote onboarding and authentication for secure and effortless digital and physical access.

Underpinning the Biometric Solutions Suite is an active threat management system that detects and responds to emerging threats across the globe. Continuous updates are delivered without any disruption to the customer or end user to ensure organizations stay one step ahead of the evolving threat landscape.

“So, the more attacks against us and the higher the quality those attacks are, the stronger we become. We get information about attacks from three places. Firstly, we have the ISOC. That looks at attacks against the production platform and monitors production attacks against the platform. Secondly, we have a red team that can both take inputs from the ISOC and understand what the real attacker is doing there and recreate those but also do its own priming research and attacking systems. They know a lot more than any attacker will about that platform, so they can do things to attack that platform. And then lastly, we have a large threat intelligence set up. We have over 100 groups which we take part in and discuss the attack mechanisms against it. And we take that knowledge and then the red team can recreate those as well,” said Forrest.

Using all this information, Forrest pointed out that iProov turns it into defenses to improve security.

“We've been attacked many hundreds of thousands of times, probably millions of times now over the years, and we have the knowledge of those attacks and the strength of our systems. Meanwhile, what do attackers have? They just end up failing again and again. To under the strength of the system, despite all those attacks, there’s not been a single successful attack against our dynamic products this year. There was not one last year. There was actually one the year before, successful globally, which we detected very quickly and made the customer aware of mitigate any damage from this. We'll never say we're perfect. What we will say is the system is exceptionally strong and can block almost all attacks, if not all the attacks,” added Forrest.

This is also where iProov spends a vast amount of time, effort and money investigating attacks and detecting attacks so that if there is a successful attack, they become aware of it very quickly and can make customers aware of it.