Unveiling Vulnerabilities in Selfie Verification Systems: A Deepfake Penetration Test

In a recent controlled penetration testing exercise, our team assessed the robustness of selfie verification systems against sophisticated spoofing techniques.

The findings were striking: by leveraging deepfake technology, we achieved a 99% match accuracy in creating fake selfies that successfully mirrored national ID cards during the verification process.

This experiment exposed significant vulnerabilities in AI-powered authentication systems, emphasizing the urgent need for enhanced security measures to safeguard digital identities.

Understanding the Power of AI in Selfie Verification

AI-based selfie verification systems rely on advanced facial recognition and liveness detection to ensure that a selfie is both authentic and corresponds to the identity of a specific individual. Here’s why these systems have become indispensable:

• Speed: Tasks that once required hours or days can now be completed in seconds.
• Accuracy: Sophisticated algorithms can identify intricate facial features with precision, even under varying conditions.
• Scalability: Thousands of identities can be verified simultaneously, streamlining global operations.

Exploiting Weaknesses: How Attackers Hack Selfie Verification Systems

Despite their effectiveness, these systems are not invulnerable. Here are the primary ways bad actors exploit their weaknesses:

1. Deepfake Technology AI-generated deepfakes can produce hyper-realistic images or videos of individuals. When paired with high-resolution photos, they can easily bypass basic liveness detection algorithms.
2. Spoofing Attacks Techniques like displaying high-quality printed photos, replaying videos, or using realistic masks can deceive systems lacking advanced 3D mapping capabilities.
3. Synthetic Identity Fraud Attackers create entirely new, AI-generated personas that appear realistic enough to pass identity verification checks.
4. Exploiting Outdated Algorithms Systems using under-trained or legacy algorithms are especially prone to being reverse-engineered and bypassed by attackers.

Penetration Testing in Action

Our test focused on a common selfie verification use case: matching a user’s selfie to their uploaded national ID, such as a passport or identity card. Here’s how we conducted the test:

Baseline Test with Public Images

During our test the main feature was validating the uploaded national ID like passport or card into the system , then the user will take a selfie using his phone to validate that he is the same user having the ID

To test this , We sourced a publicly available National ID image from Google Images.

The ID was submitted to the verification system via API

After passing the ID into the APIs , We needed to send an image to proof that the user sending this is the same girl in the picture of the National ID.

A selfie image, also sourced from the internet, was uploaded to simulate the user.

Selfie pictures always uses a high quality image , so getting another image from Google to try with (as a selfie)

The system’s liveness check rejected the selfie, returning an 8% match accuracy, confirming that the photo did not belong to the individual on the ID.

Using the first technique of "Deep fake" with a free online tool after passing the previous selfie and combine it with the image from the national ID , the Deepfake generated the following photo

Passing the generated image to the liveness check APIs

Result: The system accepted the deepfake image with an accuracy of 99%, indicating a near-perfect match.

This outcome, while expected, was nevertheless shocking in its implications. It underscored how easily attackers could exploit such systems using freely available deepfake technology.

Key Takeaways

1. Deepfakes Pose a Real Threat The ability to create realistic, AI-generated images that bypass facial recognition is a significant challenge for identity verification systems.
2. Basic Liveness Detection is Insufficient Systems relying on simple movement or image analysis are easily fooled by advanced AI-generated content.
3. Evolving Threats Demand Evolving Solutions To keep pace with adversarial AI, verification systems must continuously update their algorithms and employ advanced anti-spoofing measures.

Next Steps: Strengthening Selfie Verification Systems

To combat these vulnerabilities, organizations must adopt a multi-layered approach:

• Advanced Liveness Detection: Incorporate 3D mapping, dynamic challenges, and biometric signals like skin texture and iris recognition.
• Regular Penetration Testing: Continuously test systems against emerging threats, including AI-driven attacks, to uncover vulnerabilities.
• User Education: Raise awareness about protecting personal data and recognizing potential phishing attempts.
• Policy and Regulation: Enforce stricter standards for AI-based identity verification to ensure resilience against adversarial attacks.

The Call to Action

This penetration test highlights the urgent need for innovation and vigilance in AI-driven security systems.

While the capabilities of AI are remarkable, so are the risks when these technologies are exploited maliciously.

Let’s work together as a community of security experts, technologists, and industry leaders to build stronger defenses and ensure the integrity of digital identity verification.

What measures do you think are most critical for improving the resilience of selfie verification systems? Let’s discuss!