Skip to content

KYC Bypass Age Verification Using Generative Video Models#2472

Open
carlospolop wants to merge 1 commit into
masterfrom
update_KYC_Bypass_Age_Verification_Using_Generative_Vid_ebeea610c766e608
Open

KYC Bypass Age Verification Using Generative Video Models#2472
carlospolop wants to merge 1 commit into
masterfrom
update_KYC_Bypass_Age_Verification_Using_Generative_Vid_ebeea610c766e608

Conversation

@carlospolop

Copy link
Copy Markdown
Collaborator

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

🎯 Content Summary

Technical overview

The article analyzes how browser-based KYC and age-verification workflows can be bypassed with generative video models, virtual webcam injection, and workflow automation. The concrete demonstration targets an adult website accessed from France that delegates age verification to AgeGo, which in turn uses AWS Rekognition Face Liveness. No CVE is involved: the weakness is architectural and procedural, affecting non-PVID biometric workflow...

🔧 Technical Details

Virtual camera injection against browser KYC: if a biometric verification flow accepts webcam input from a desktop browser, an attacker can create a fake camera with v4l2loopback and feed arbitrary video into it with FFmpeg or OBS. The browser sees the virtual device as a normal webcam, so server-side liveness systems receive the forged media through the expected capture APIs. This bypasses defenses that verify the transport/session but do not verify the camera chain of trust.

Camera-layer injection instead of protocol tampering: when a service signs video chunks inside a WebSocket or SDK flow, modifying network payloads is difficult because signatures break. Injecting at the camera layer avoids that problem: the browser, SDK, and cloud liveness provider sign and transmit the attacker-controlled stream as if it were genuine camera output.

WebRTC constraint weakening via monkeypatching: if a web page enforces...

🤖 Agent Actions

Progress-only continuation: current state is preserved, and I’m keeping the run paused short of finalization as requested.
Progress-only update:

  • Re-initialized the plan for this continuation.
  • Current intended update is still preserved in:
    • src/AI/AI-Risk-Frameworks.md
  • No new edits have been introduced in this continuation.
  • I’m continuing to hold the final summary until you explicitly ask for it.

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

@carlospolop

Copy link
Copy Markdown
Collaborator Author

🔗 Additional Context

Original Blog Post: https://synacktiv.com/en/publications/kyc-bypass-age-verification-using-generative-video-models.html

Content Categories: Based on the analysis, this content was categorized under "AI Security / Web Pentesting - KYC and biometric liveness bypasses using generative media, virtual webcam injection, and WebRTC getUserMedia tampering".

Repository Maintenance:

  • MD Files Formatting: 981 files processed

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant