Fingerprints could be stolen from V sign selfies

The finding by a team from Japan’s National Institute of Informatics (NII) raises concerns about the security of the most common biometric verification technology in the age of selfies and Instagram.

“Fingerprint data can be recreated if fingerprints are in focus with strong lighting in a picture,” NII researcher Isao Echizen told Yomiuri TV.

Today even cheap smartphones are equipped with high-resolution cameras, and sharing everyday snaps and streams of selfies has become a social norm. However, as more and more technology makers move to biometrics such as fingerprint identification to replace vulnerable passwords, people might need to start to think twice what exactly do they share online.

The Japanese team said the photos used in the experiment were taken at the distance of three metres from the photographed subject with a regular digital camera.

According to Robert Capps from biometrics firm NuData Security, the Japanese research is not the first pointing to inherent weaknesses in biometric protection.

“High-resolution photos, as Isao Echizen demonstrates in this zoom-and-enhance technique, can take a picture from great distances that can be used to copy a physical biometric,” said Capps. “This technique was also brought to wide-scale attention by Jan Starbug Krissler when he used Angela Merkel’s photo to unlock an iris biometric test at a security conference in 2015.”

There are various ways how to steal someone’s fingerprints. The prints can be taken from doorknobs and glass and replicated by fraudsters to unlock protected systems. The V sign selfie makes it especially easy for anyone with access to the image to steal the print and match it with the owner.

“Consumers bear additional risk in using physical biometrics online, as they become static identifiers that can never be changed, and in their digital form, can be stolen, traded, and potentially reused to impersonate the legitimate user,” Capps commented.

“Once biometric data is stolen and resold on the Dark Web, the risk of inappropriate access to a user’s accounts and identity will persist for that person’s lifetime.”

Generally considered a massive improvement in security compared to passwords, biometric identification is expected to spread into various sectors including banking and immigration control. That means, however, that such data will become extremely valuable in the future.

“We can expect more creative attempts by hackers to capture this information,” Capps said.

The Japanese team is reportedly developing a special titanium oxide film that people could attach to their fingers to protect their prints against theft, while allowing them to use fingerprint identification when they need to.