A threat model for liveness attacks

Liveness attacks split into four broad classes: replay (re-presenting valid biometric data), masking (3D printed faces or silicone masks), injection (compromising the device camera), and synthesis (generating a real-time deepfake feed).

The threat surface has shifted hard toward injection and synthesis over the last 12 months. Replay attacks, by contrast, are now solved at the hardware-attestation layer for anyone willing to enforce it.