iOS malicious deepfakes put Apple users and banks at risk


Security researchers have found a malicious new tool that can inject deepfake videos straight into iOS devices. The tool presents a major risk for identity theft, so Apple users should be wary.

It works on jailbroken iPhones running iOS 15 or newer versions. Jailbreaking is when somebody removes Apple’s built-in restrictions on an iPhone, and is usually done to install apps or make changes that Apple doesn’t normally allow, such as installing apps outside the App Store.

Downloading apps from unofficial stores is one of the many possible ways the malicious tool could end up on a user’s phone.

Once installed, cybercriminals use a special server (RPTM) to link their computer to the iPhone and then hijack the link between the camera and the app.

That means the app never sees the real camera feed. Instead, it gets an AI-generated deepfake video that looks like live footage. To the user, the phone might look normal – a person could point their camera at a tree and see the same tree on the screen. However, the app on the other end could show a fake face.

This allows criminals to trick apps into thinking they’re dealing with the real person in real time. Affected apps could include those used by banks, for example.

This is the point where the fraud happens. The attackers use that fake “live” feed to pretend to be a real person and then create a new fake identity.

According to UK-based biometric security firm iProov, the tool seems to come from China.

“This marks a significant breakthrough in identity fraud,” said Andrew Newell, iProov’s chief scientific officer. He explained that companies need stronger systems that can test “liveness” by checking if the person on the screen is real and actually present.
