Emergency Advisory: Video Injection Tool Defeats iOS Biometrics on Jailbroken Devices
Executive summary A new, sophisticated video-injection tool designed to run on jailbroken iPhones (iOS 15+) can feed synthetic video into biometric verification pipelines — effectively tricking some Face ID / Touch ID flows and identity-verification apps that rely on camera input. The tool appears to enable deepfake-style video streams to be injected directly into the app’s camera input or app process on compromised devices, bypassing on-device liveness checks and defeating apps that do not implement additional anti-injection or attestation protections. iProov’s threat intelligence group publicly described the tool and warned it is being used in targeted identity-fraud campaigns. ID Tech +1 This is not a universal bypass of Apple’s Secure Enclave or hardware Face ID when the device is not compromised; rather it is an escalation that adversaries achieve by removing Apple’s native security restrictions via jailbreaking and then injecting forged video frames into the ca...