Injection Attack.
In the IDV context, an attack that injects pre-rendered synthetic media (a deepfake video, a synthetic face capture) directly into the camera or sensor pipeline at the OS, driver, or virtual-camera level — bypassing the lens entirely.
Presentation attacks (holding up a photo) are largely defeated by modern liveness detection. Injection attacks (feeding deepfake video directly into the camera API) bypass the camera entirely and bypass most liveness defenses with it. The defense moves outside the capture — device attestation, hardware-signed frames, anomaly detection on capture timing and metadata — none trivial to deploy at scale.
Common questions
What's the difference between a presentation attack and an injection attack?
Can liveness detection catch injection attacks?
What defends against camera-feed injection?
Related terms
In the guides
Biometric Authentication: A Practitioner's Guide to Fingerprint, Face, and Beyond
How modern biometric authentication actually works — device-local templates, signed assertions, liveness detection, and where the privacy story is real vs marketing.
Identity Verification and Proofing (IDV/KYC): A CIAM Guide for 2026
How to prove a real person matches a claimed identity at signup — document capture, liveness, authoritative-data checks. The 2026 stack, the deepfake escalation, and where CIAM ends.