Deployed via jailbroken devices running iOS 15 or later, the tool is engineered to bypass weak biometric verification systems and, critically, to exploit identity verification processes that lack biometric safeguards entirely.
This development signals a shift toward more programmatic and scalable attack methods.
At the heart of the threat is a Remote Presentation Transfer Mechanism (RPTM) server that links an attacker’s computer to a compromised iOS device.
Once the attacker gains control of a jailbroken iPhone stripped of its native Apple security restrictions, they initiate a multi-stage injection process.
First, the tool injects deepfake imagery directly into the device’s video data stream rather than feeding it through the camera.
These deepfakes, generated by advanced AI, can perform face swaps or animate static images with another person’s movements.
This direct injection completely bypasses the physical camera, tricking on-device applications into believing the fraudulent video is a live, real-time feed.
The result is a seamless impersonation that many identity verification systems, particularly those without robust liveness detection, cannot distinguish from a genuine user.
The discovery is especially significant given the tool’s suspected Chinese origins.
It emerges amid heightened geopolitical tensions surrounding technological sovereignty and the security of global digital supply chains.
Governments worldwide are increasingly focused on mitigating risks posed by technology from non-allied nations.
A sophisticated attack tool such as this, therefore, transcends corporate security challenges, becoming a matter of national security interest.
State-backed or commercially driven, the tool’s industrialized nature suggests an organized effort to target high-value systems at scale, raising alarms within both public and private sectors.
Andrew Newell, Chief Scientific Officer at iProov, emphasized the magnitude of this breakthrough: “The discovery of this iOS tool marks a significant evolution in identity fraud and confirms the trend of industrialized attacks.
Its suspected origin is especially concerning and proves that it is essential to use a liveness detection capability that can rapidly adapt.”
To counter these advanced threats, organizations must adopt a multi-layered defense strategy.
This begins by confirming the right person through document and database validation, followed by real-person checks utilizing embedded imagery and metadata analysis to detect manipulated media.
Crucially, defenses must verify in real time via passive challenge-response interactions to thwart replay attacks.
Finally, managed detection and response should combine automated monitoring with human-led threat hunting to reverse-engineer attack scenarios and proactively strengthen defenses.
As digital identity verification becomes integral to sectors ranging from finance to government services, this emerging video injection tool underlines the urgent need for adaptive, science-based biometric solutions.
Without such robust safeguards, even advanced systems remain vulnerable to sophisticated, industrial-scale fraud.
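The real-time challenge-response layer described above can be sketched on the server side as follows. This is an added example, not code from iProov or from the article; the colour-code challenge alphabet, the 10-second window and the `observed` value (the output of a hypothetical media analyser) are assumptions.

```python
import hmac
import secrets
import time

ALPHABET = "RGBYCM"   # assumed challenge symbols (e.g. colour codes)


class ChallengeVerifier:
    """Issues single-use, short-lived challenges bound to one session."""

    def __init__(self, ttl=10.0, length=8, clock=time.monotonic):
        self._ttl = ttl            # assumed freshness window, in seconds
        self._length = length
        self._clock = clock        # injectable so expiry can be tested
        self._pending = {}         # challenge_id -> (session_id, sequence, issued_at)

    def issue(self, session_id):
        """Create an unpredictable challenge for this verification session."""
        sequence = "".join(secrets.choice(ALPHABET) for _ in range(self._length))
        challenge_id = secrets.token_hex(16)
        self._pending[challenge_id] = (session_id, sequence, self._clock())
        return challenge_id, sequence

    def verify(self, session_id, challenge_id, observed):
        """Check the sequence recovered from the submitted media.

        `observed` stands for the output of a media analyser (hypothetical,
        out of scope here) that reads the challenge back out of the video.
        """
        # pop() makes every challenge single-use, even after a failed attempt
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return "rejected: unknown or already used challenge"
        bound_session, sequence, issued_at = entry
        if bound_session != session_id:
            return "rejected: challenge belongs to another session"
        if self._clock() - issued_at > self._ttl:
            return "rejected: challenge expired"
        if not hmac.compare_digest(sequence.encode(), observed.encode()):
            return "rejected: response does not match challenge"
        return "accepted"


if __name__ == "__main__":
    v = ChallengeVerifier()
    cid, seq = v.issue("session-1")
    print(v.verify("session-1", cid, seq))   # fresh response
    print(v.verify("session-1", cid, seq))   # same submission replayed
```

This check only establishes that a submission is fresh and tied to one session; detecting manipulated media remains the job of the imagery and metadata analysis layer the article lists.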
The post New iOS Video Injection Tool Bypasses Biometric Verification on Jailbroken iPhones appeared first on Cyber Security News.