Another Type of Interception: the Iris Template Replay Attack

While much of the world continues to play football, American “football” wrapped up this month at the professional level with the “Commercials, Concerts, And a Sports Show”(tm).

During the game, New England Patriots quarterback Drake Maye threw two interceptions, or throws that were caught by players on the opposing team (the Seattle Seahawks).

But what if Maye were throwing iris templates? And what if the defending Seahawks used the intercepted data in injection attacks?

Bet you didn’t think I was going there.

Iris template replay attacks

Facial data (from companies such as FaceTec and iProov) isn’t the only type of data that can be protected by injection attack detection. You can inject data from any type of biometric to bypass the capture device.

One type of injection attack is a template replay attack. It works something like this:

  • For this example assume that I am a legitimate subject and an authorized user, and the biometric workstation captures my iris. 
  • Rather than sending the entire iris image to the server, it converts the image into a template, or a much smaller mathematical representation.
  • The biometric workstation transmits this template to the server. BUT…
  • The evil fraudsters use some type of malware to intercept my iris template and save it for future mischief. Unfortunately, unlike a football interception seen by over 100 million people, no one realizes that this iris “interception” happened.
  • Later, when a fraudster wants to gain access to the biometric system, they perform an injection attack. Rather than capturing the fraudster’s iris at a workstation and sending that template to the server, the fraudster performs a “replay” and “injects” my intercepted iris template into the workflow.
  • The server receives my iris template, thinks I am accessing the system, and authorizes access.
  • The fraudster does bad things.

Iris template replay attack detection

How do you prevent an iris template replay attack?

First you have to detect it. Perhaps the system can detect that the template is not bound to a capture that just happened (for example, it was not produced in answer to a challenge the server issued moments ago, or its timestamp is stale), or that the template originated somewhere other than a genuine iris workstation, such as from software sitting between the camera and the server.

Once you detect it, you can reject it. Fraudster denied.

Of course this applies to any biometric template: fingerprint, face, whatever.
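The attack steps and the two detection ideas above, as an added worked example that is not part of the original post and not any vendor's product code: the workstation answers a server-issued challenge by MACing the template together with that challenge under a key provisioned only to enrolled workstations, and the server accepts each challenge once, only while fresh, and only from a known workstation. The message fields, the HMAC scheme, the device keys and the sample template string are all assumptions for illustration.

```python
"""
Added example (not the blog's or any vendor's code): detecting a biometric
template replay by binding every submission to a fresh server-issued
challenge and to a per-workstation key. Field names, key distribution and
the template format are assumptions for illustration.
"""
import hashlib
import hmac
import json
import secrets


def _canonical(msg: dict) -> bytes:
    """Serialize the MAC-covered fields in a fixed order."""
    covered = {k: msg[k] for k in ("device_id", "nonce", "captured_at", "template")}
    return json.dumps(covered, sort_keys=True, separators=(",", ":")).encode()


def sign_submission(device_key: bytes, msg: dict) -> str:
    """HMAC over device id, challenge nonce, capture time and template bytes."""
    return hmac.new(device_key, _canonical(msg), hashlib.sha256).hexdigest()


def workstation_submit(device_id: str, device_key: bytes, nonce: str,
                       template: str, captured_at: int) -> dict:
    """What an honest workstation sends: the template bound to the challenge."""
    msg = {"device_id": device_id, "nonce": nonce,
           "captured_at": captured_at, "template": template}
    msg["mac"] = sign_submission(device_key, msg)
    return msg


class TemplateServer:
    """A template is accepted only once per challenge, only while fresh,
    and only if it was MACed by an enrolled workstation."""

    def __init__(self, device_keys: dict, max_age_s: int = 30):
        self.device_keys = device_keys   # device_id -> provisioned key
        self.max_age_s = max_age_s
        self.outstanding = {}            # nonce -> time it was issued
        self.consumed = set()            # nonces already used

    def issue_challenge(self, now: int) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding[nonce] = now
        return nonce

    def verify(self, msg: dict, now: int) -> tuple:
        """Return (accepted, reason); each rejection has a distinct reason
        so the SOC can tell a replay from a rogue device in the logs."""
        key = self.device_keys.get(msg.get("device_id"))
        if key is None:
            return False, "unknown workstation"
        nonce = msg.get("nonce")
        if nonce in self.consumed:
            return False, "replayed challenge"
        issued = self.outstanding.get(nonce)
        if issued is None:
            return False, "no such challenge"
        if now - issued > self.max_age_s or now - msg["captured_at"] > self.max_age_s:
            return False, "stale capture"
        if not hmac.compare_digest(sign_submission(key, msg), msg.get("mac", "")):
            return False, "template not bound to this challenge/workstation"
        # Consume the challenge so the identical message can never succeed again.
        self.consumed.add(nonce)
        del self.outstanding[nonce]
        return True, "accepted"


def demo() -> dict:
    """One legitimate capture, then three injection attempts with the stolen template."""
    key = secrets.token_bytes(32)                 # constructed workstation key
    server = TemplateServer({"ws-01": key})
    template = "IRIS:" + secrets.token_hex(8)     # constructed stand-in for a template
    t = 1_000_000
    results = {}

    # 1. Honest workstation answers a challenge with a fresh capture.
    nonce = server.issue_challenge(t)
    msg = workstation_submit("ws-01", key, nonce, template, t)
    results["legit"] = server.verify(msg, t + 2)

    # Malware on the path records the submission for later mischief.
    stolen = dict(msg)

    # 2. Replay the intercepted message verbatim: the challenge is spent.
    results["verbatim_replay"] = server.verify(stolen, t + 60)

    # 3. Obtain a new challenge and inject the stolen template under it:
    #    the MAC no longer matches because the attacker lacks the device key.
    nonce2 = server.issue_challenge(t + 60)
    forged = dict(stolen, nonce=nonce2, captured_at=t + 60)
    results["new_nonce_inject"] = server.verify(forged, t + 61)

    # 4. Inject from a host that is not an enrolled workstation at all.
    rogue = dict(forged, device_id="laptop-99")
    results["rogue_device"] = server.verify(rogue, t + 61)
    return results
```

Call demo() to see the four outcomes. The server never interprets the template bytes, so the same checks apply unchanged to a fingerprint or face template. The caveat a practitioner will want: the challenge alone buys nothing if the attacker also lifts the device key, so in a real deployment that key belongs in a TPM or secure element on the workstation rather than beside the template in software.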

Injection attack detection, when implemented, is just another tool embedded in the biometric product.

Biometric product marketing expert. Look at his eyes.

A Brief Note to My WordPress Subscribers

I often reshare my posts on social media, but sometimes I don’t.

This post won’t be reshared on Facebook, LinkedIn, YouTube, or anywhere else.

It’s specifically and only intended for Bredemarket’s WordPress subscribers.

The message?

Thank you.

If you’re of a certain age, enjoy this.

“Thank You,” Led Zeppelin. From Led Zeppelin II.

If you’re younger, enjoy this.

“Thank You,” Röyksopp. From The Inevitable End.

Privacy, by Google Gemini

Google’s concept:

“Abstract 3D render of a human silhouette made of shimmering frosted glass, iridescent light refracting through, symbolizing secure data encryption and zero-knowledge proofs, elegant and high-end.”

Personally I think it’s TOO abstract, but perhaps that’s just me.

I didn’t create a musical version of this on Instagram because stuff, but there’s a Facebook version here. Sadly non-embeddable…but that’s why you should join my Facebook Bredemarket Identity Firm Services group.

Why Would a Robot Fish?

Sadly the question “why would a robot fish?” was shared in a private Facebook group, so I cannot share the entire question with you. But I can share my response.

“Some humans don’t fish for food, but for relaxation. But if robots need downtime, it doesn’t have to be at a stream with a pole.”

After thinking, I composed the prompt for the Google Gemini picture that illustrates this post.

“Create a realistic picture of a robot by a stream in the woods, fishing. The eyes and other parts of the robot’s head indicate that its internal controls are in maintenance mode, or that the robot is ‘relaxing.’”

My own content creation process with Bredemarket includes a “sleep on it” step which lets my brain reset before taking a fresh look at the content.

The generative AI equivalent is to take the output from the initial prompt, start a new independent chat, and write a second prompt to re-evaluate the output of the first prompt.

Which I guess would be “fishing.”

Venus and Mars Are Alright Tonight

Considering his connection to erotic love, it’s no surprise that the parentage of Cupid (or Eros to the Greeks) is mysterious, but at least some sources consider Cupid to be the son of Venus (Aphrodite) and Mars (Ares).

By Joachim Wtewael – Scan from a magazine article by Marion Cornélie van Oudheusden: Joachim Wtewael: de lotgevallen van Venus en Mars, Oud-Utrecht 92, June 2019, 65-69, Public Domain, https://commons.wikimedia.org/w/index.php?curid=79575481.

Which of course makes me think of Paul McCartney and Wings.

But not the song that leads into a song about Jimmy Page.

I think of the reprise. The song that leads into a song about ancient…Egypt. (Hathor?)

Backing vocals credits (P McCartney, Laine, McCulloch, English) detailed here.

Ontario International Airport Community Event

From the Ontario International Airport Community Event at the National Guard Hangar on Saturday, February 14, 2026.

Hangar Arrival (1/3)

Arriving at today’s ONT Community Event.

Hangar arrival.

Set ONT Free (2/3)

Our war of independence happened 10 years ago. Hollywood noticed.

Set ONT free.

Hangar Departure (3/3)

Consumer heaven. Except for Quakes fans.

Hangar departure.

Saints Valentine: The Power of a Story or Three

Stories sometimes obscure the facts, which is something we definitely remember—or don’t—on February 14.

Did you know there are THREE people who are considered by the Roman Catholic Church to be Saint Valentine?

Petal and Poem discusses all three.

Valentine of Rome

This Valentine was a priest in Rome who defied Roman Emperor Claudius II. Supposedly the Emperor believed that single men made better soldiers, but Valentine defied the Emperor and secretly married people. This resulted in his execution on February 14 in about AD 270.

But…there is another.

Valentine of Terni

Elsewhere on the Italian peninsula, Valentine of Terni (or Interamna) ran afoul of the same Emperor, and was executed on February 14 a few years later (in about AD 273).

But…there is another.

Valentine in Africa

Less is known about the third Valentine, other than the fact that he also was martyred. The scant information about him, as well as more extensive information on African influence on Christianity, is contained here.

So the next time that you say that the chocolates your beloved gave you are to die for, ensure you don’t take the phrase literally.

And Cupid, a Roman god, is decidedly NOT Roman Catholic.

By Attributed to Jean Ducamps / Attributed to Master of the Incredulity of Saint Thomas – https://www.peintures-descours.fr/oeuvres/l-amour-brisant-son-arc-2318, Public Domain, https://commons.wikimedia.org/w/index.php?curid=91991753.

Additional Ingenium Injection Attack Detection Testing…Result

There are numerous independent testing laboratories, holding testing certifications from various entities, that test a product’s conformance to the requirements of a particular standard.

For presentation attack detection (liveness), organizations such as iBeta and BixeLab test conformance to ISO/IEC 30107-3.

  • Vendors who submit their products to iBeta may optionally choose to have the results published; iBeta publishes these confirmation letters here.
  • In a similar manner, BixeLab publishes its confirmation letters here.

For injection attack detection, Ingenium tests conformance to CEN/TS 18099:2025, as well as testing that exceeds the requirements of that standard.

Unfortunately, I was unable to locate a central source of all of Ingenium’s testing results. So I had to hunt around.

Known Ingenium Injection Attack Detection Testing Results

Biometric Vendor | Ingenium Injection Attack Detection Test Level | Notes
FaceTec          | 2 | Ingenium letter on FaceTec website
iProov           | 4 | Bredemarket blog post "Injection Attack Detection, CEN/TS 18099:2025, and iProov"

And…that’s all I could find.

Ingenium’s testing is relatively new, as is the whole idea of performing injection attack detection testing in general, so it shouldn’t be surprising that vendors haven’t rushed to get independent confirmation of injection attack capabilities.

But they should.

A brief reminder on Ingenium’s five testing levels

I’ve mentioned this before, but it’s worth exploring in more detail, since I only discussed Level 4. Here’s a complete list of all five of Ingenium’s testing evaluation tiers:

  • Level 1: CEN Substantial: This tier is equivalent to the CEN TS 18099:2025 ‘substantial’ evaluation level. A Level 1 test requires 25 FTE days and includes a focus on 2 or more IAMs and 10 or more IAI species. It’s a great starting point for assessing your system’s resilience to common injection attacks.
  • Level 2: CEN High: Exceeding the substantial level, this tier aligns with the CEN TS 18099:2025 ‘high’ evaluation level. This 30-day FTE evaluation expands the scope to include 3 or more IAMs and a higher attack weighting, providing a more rigorous test of your system’s defenses.
  • Level 3: This level goes beyond the CEN TS 18099:2025 standard to provide an even more robust evaluation. The 35-day FTE program focuses on a higher attack weighting, with a greater emphasis on sophisticated IAMs and IAI species to ensure a more thorough assessment of your system’s resilience.
  • Level 4: A 40-day FTE evaluation that further exceeds the CEN TS 18099:2025 standard. Level 4 maintains a high attack weighting while specifically targeting the IAI detection capabilities of your system. Although not a formal PAD (Presentation Attack Detection) assessment, this level offers valuable insights into your system’s PAD subsystem resilience.
  • Level 5: Our most comprehensive offering, this 50-day FTE evaluation goes well beyond the CEN TS 18099:2025 requirements. Level 5 includes the highest level of Ingenium-created IAI species, which are specifically tailored to the unique functionality of your system. This intensive testing provides the deepest insight into your system’s resilience to injection attacks.

Oh, and there’s a video

As I was publicizing my iProov injection attack detection post, I used Grok to create an injection attack detection video. Not for the squeamish, but injection attacks are nasty anyway.

Grok.