Wednesday, January 18, 2017 by Don Wrightman
If you like to display the peace sign when posing for pictures or selfies, there’s a new strategy you should employ, effective immediately. Make sure the back, or fingernail side of your hand is displayed, and not the fingerprint side. If you are featured in any online photos where you are exposing your fingerprint, you might want to consider deleting those as soon as possible. Photos that are shared and stored online create an active database of fingerprints for thieves to exploit.
Advancements in photo manipulation software can now lead to identity theft; because it is now possible for identity thieves to successfully obtain your fingerprint data from images. Japanese professor, Isao Echizen, knows the dangers of exposing your fingerprints first hand. Echizen is advising people to reconsider the innocent peace sign pose, after a recent experiment was conducted by his team at the NII’s Digital Content and Media Sciences Research Division, where they were able to successfully retrieve peoples fingerprint data from photos that were taken from distances up to three meters away. “Fingerprint data can be re-created if fingerprints are in focus with strong lighting in a picture,” said Echizen.
The technique Echizen describes doesn’t use any special software, but certainly requires good lighting. Low light pictures aren’t a significant threat now, but could become more serious in the future as mobile cameras become more sophisticated. Whenever possible, it is important not to rely on security measures that require fingerprint data.
Biometrics are becoming an increasingly accepted form of reliable security, replacing passwords and other safeguarding solutions in many instances. Keeping your prints private is now a valid concern. You can always change your password after being hacked, but you can’t change your fingerprints.
Professor Echizen believes that celebrities are most vulnerable to the new method of identity theft; due to the high number of photographs they generally appear in. While regular individuals might downplay the threat, this is a real situation which has already caused everyday people to become victims of ransom scams, because they compromised the security of their digital data.
An ordinary photo is all it takes for a thief to gain the ability to copy your fingerprint. The progression of technology in high quality digital photos has opened one side of the vulnerability, the other side being technologies akin to Touch ID, which turn your fingerprints into digital keys that can be used to unlock many of the devices we use today.
A third vulnerability exists within the technologies that use our fingerprints for verification or validation. Touch ID and similar fingerprint verifying security measures are likely to store your fingerprint data so that it can be compared to the print that is trying to gain access through the security measure. The fact that your fingerprint data could be stored up in a cloud for comparison raises additional security concerns, because hackers might be able to obtain that data in a security breech similar to what we often see with major companies.
In Echizen’s home country of Japan, as in many parts of the world, the peace sign is a common gesture shown in photos, however, it isn’t the sole hand gesture that could compromise your security. Other common gestures like waving, or giving a thumbs up, also create the same security vulnerability. When a fingerprint is matched with a person’s face, it creates a significantly greater threat for identity thieves to use the biometric data with malicious intent.
The fingerprint sensor on your phone is the key to unlocking all the private information that is stored on the device. This is not the first warning advising people that their fingerprint data needs to be protected. Back in 2014, a hacker demonstrated an eerily similar technique where he successfully replicated a German politician’s fingerprints from a public photo. The hacker then proceeded to create a three-dimensional mold of the fingerprint, which was capable of unlocking a secured phone. (RELATED: Learn more about technology glitches and failures at Glitch.news)