If cybersecurity threats have you a bit worried about your digital safety, here’s another fact to fuel your paranoia: attackers can potentially steal your fingerprint from that peace sign selfie you uploaded to social media.
According to a study conducted by Japan’s National Institute of Informatics, researchers found that — depending on a picture’s focus and lighting — they were able to recreate fingerprints from images shot up to 3 meters, or 10 feet, away from a subject. Advanced technology isn’t necessary for the hack, either — anyone can easily copy fingerprints if the photo’s conditions are right, researchers said.
“Just by casually making a peace sign in front of a camera, fingerprints can become widely available,” researcher Isao Echizen told the Sankei Shimbun newspaper.
As fingerprints and other biometric data become more widespread as standards in security authentication, this news is a bit worrisome. Luckily, NII did announce that they were working on a transparent, titanium oxide film that can be placed over a finger to hide prints in a picture. That film would deter identity theft, but would still allow smartphone users to unlock or use their phones normally.
Of course, this isn’t exactly groundbreaking news — we’ve known about similar hacks for at least a few years now. In 2014, for example, a German hacker claimed that he had cloned a politician’s thumbprint simply by using close-up pictures he had taken at a press conference with a standard digital camera. In 2015, the same hacker demonstrated how he could create a working iris spoof using a high-res picture and a laser printer, Engadget reported.
Of course, that didn’t stop some media outlets from taking the NII story and blowing it way out of proportion. The SankeiShimbun story was less about fingerprint spoofing as a new threat than it was about developing a counter-measure — but that was lost in translation. This isn’t a “new” threat, and in all likelihood, unless you’re a celebrity or international spy, you probably having nothing to worry about — especially since, to do any damage, an attacker would still need physical access to your device to break into it.
If you’re still uneasy — and you don’t want to wait the two years for NII’s transparent film to enter the market — just wear gloves, or keep your fingers out of the frame in your next selfie.