Skip to content

Injection Attack Detection (IAD)

An injection attack is a vulnerability that allows an attacker to insert (or "inject") malicious or altered content, such as images or videos. This enables an attacker to perform a man-in-the-middle attack by injecting deep fakes, altered pictures, or using virtual cameras.

To detect these kind of attacks, Veridas has developed a security measure that ensures the images captured by the SDKs are received by the backend application without any modifications along the way.

This injection attack detection feature requires using SDKs (v4.0 or above. Also included in XpressID), otherwise, the integrity scores will not be available.

Please check the SDK documentation for the compatibility for the validation process integrity verification feature

As part of this process, a set of scores are returned, called "Integrity scores".

Advanced Injection Attack Detection (AIAD)

An advanced injection attack involves not only injecting malicious or altered content but also compromising the integrity of the device itself, using techniques such as device emulation, virtual machines, or bots.

To detect these sophisticated attacks, Veridas has introduced Advanced Injection Attack Detection, enhancing the existing Injection Attack Detection framework to identify deeper threats that target device integrity.

Advanced Injection Attack Detection requires the use of XpressID to ensure comprehensive detection capabilities.

Advanced Integrity Scores provides additional integrity scores to assess device and process integrity during validation:

* ValidasScoreDeviceIntegrity

These advanced integrity scores complement the existing IAD framework, providing deeper insights into potential threats and enhancing the security of the identity verification process.

We strongly recommend integrating these scores into your security checks to mitigate risks from advanced injection attacks.

Main Integrity Score

ValidasScoreIntegrity: Indicates if the integrity of the entire validation process has been satisfied or not. Its value depends on the following factors:

  1. This validation integrity score will be available ONLY if at least one of the images was captured using the SDK supporting this integrity feature.
  2. This validation integrity score will be 1 if ALL the uploaded images have their integrity score with value of 1.
  3. Otherwise, value "0" is provided if ANY of the images have an integrity score of 0 or missing (ie: was not captured using the SDK supporting the feature)

Info

We strongly recommend including this score in your business logic when accepting/rejecting a validation, along with the other recommended scores.

Other Integrity Scores

These scores are individual scores that are calculated per uploaded image. They are grouped and taken into account to build the ValidasScoreIntegrity score.

ValidasScoreDocObverseIntegrity: Indicates whether the obverse image has not been modified or altered since it was captured by the Veridas SDK. If there is a fulfilment, value "1" is provided, otherwise, value "0" is provided.

ValidasScoreDocReverseIntegrity: Indicates whether the reverse image has not been modified or altered since it was captured by the Veridas SDK. If there is a fulfilment, value "1" is provided, otherwise, value "0" is provided.

ValidasScoreDocSelfieIntegrity: Indicates whether the selfie image has not been modified or altered since it was captured by the Veridas SDK. If there is a fulfilment, value "1" is provided, otherwise, value "0" is provided.

ValidasScoreDocSelfieAliveIntegrity: Indicates whether the selfie alive image has not been modified or altered since it was captured by the Veridas SDK. If there is a fulfilment, value "1" is provided, otherwise, value "0" is provided.

ValidasScoreDeviceIntegrity: Indicates whether the device environment has not been compromised or tampered with during the capture process by the Veridas SDK. If there is a fulfilment, value "1" is provided, otherwise, value "0" is provided.