New iOS Video Injection Tool Bypasses Biometric Verification with Jailbroken iPhones

A sophisticated new attack tool targeting jailbroken iOS devices has emerged, representing a significant escalation in digital identity fraud capabilities. 

The discovery by iProov’s threat intelligence team reveals a highly specialized tool designed to perform advanced video injection attacks on iOS 15 and later devices, specifically engineered to bypass weak biometric verification systems and exploit identity verification processes lacking proper biometric safeguards.

This breakthrough represents a troubling shift toward more programmatic and scalable attack approaches, with the tool’s suspected Chinese origins adding geopolitical relevance amidst rising concerns about technical sovereignty and digital supply chain security. 

The tool’s emergence underscores the critical need for robust biometric verification systems capable of detecting sophisticated deepfake and injection attacks.

Biometric Verification with Jailbroken iPhones

The newly discovered tool operates through a multi-stage process that leverages the compromised security architecture of jailbroken iOS devices. 

The attack begins with a prerequisite jailbroken iOS 15 or later device, where native Apple security restrictions have been removed to allow deep system modifications. 

Attackers establish a connection using a Remote Presentation Transfer Mechanism (RPTM) server, creating a bridge between their computer and the compromised iOS device.

The core attack involves injecting sophisticated deepfakes directly into the device’s video stream, completely bypassing the physical camera hardware. 

Deepfakes can take the form of face swaps, in which a victim’s face is placed on another video, or motion re-enactments, in which static visuals are animated using the actions of another person. 

The injected synthetic media tricks applications into believing the fraudulent video represents a live, real-time feed, enabling potential impersonation of legitimate users or creation of synthetic identities.

“The discovery of this iOS tool marks a significant breakthrough in identity fraud and confirms the trend of industrialized attacks. The tool’s suspected origin is especially concerning and proves that it is essential to use a liveness detection capability that can rapidly adapt”, researchers said.

The emergence of video injection attacks renders traditional identity verification methods insufficient, necessitating comprehensive multi-layered defense approaches. 

Organizations must implement verification systems that simultaneously confirm the right person through identity matching to official documents and databases, verify a real person using embedded imagery and metadata analysis to detect malicious media, and ensure real-time authentication through unique passive challenge-response interactions, preventing replay attacks.

The tool’s discovery coincides with alarming trends documented in iProov’s 2025 Threat Intelligence report, including a 2,665% increase in native virtual camera attacks and a 300% rise in face swap deepfake attacks. 

With security experts tracking over 120 different face swap tools, threat actors are rapidly adopting new technologies to bypass verification systems, making robust liveness detection capabilities essential for organizational security.

This multi-layered approach increases the complexity for attackers seeking to spoof identity verification systems, as advanced attacks struggle to bypass all security measures while retaining the natural traits of actual human contact.

Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.