The digitization of services has been booming and affects all areas, even the most sensitive, such as e-government, financial and health services. This trend has accelerated sharply since the COVID-19 pandemic, making remote electronic interactions the default scenario in the daily life of billions of citizens.
Recent regulations, such as the European eIDAS and AML5 regulations, have therefore established security frameworks for these sensitive remote services, notably with the need to establish trusted digital identities for users. These digital identities are provided only if they are generated by solutions commonly called “remote identity proofing”. These solutions, based on a mobile or web application, confirm the digital identity of their users by two proof factors: the user’s official identity document, and face recognition between the user’s face and the one present on their official identity document. In summary, biometric technology bridges the physical and digital worlds.
Biometrics is already vulnerable by default, and its remote use opens a new vulnerability to fraudsters, one too often confused with the well-known deepfakes: biometric data injection attacks.
This white paper on biometric data injection attacks, written by the independent European laboratory CLR Labs, which provides evaluation and certification services for biometric and digital identity products and services, presents what injection attacks are and why this threat must be quickly taken seriously by the ecosystem.