Most people are aware they shouldn’t post sensitive and personally identifying information on social media, such as a letter with their address or a plane ticket, as they could be used by scammers. And they most certainly wouldn’t publicly share their passwords.
Sharing pictures, however, is something everyone is comfortable with. But research has revealed that these can also be used to glean telling information. Posing for a picture while holding your hands up in a peace sign could pose a security threat, with hackers able to recreate prints that are the key to phones, computers and tablets.
Researchers at Japan’s National Institute of Informatics (NII) have found that fingerprints can be easily recreated from photos taken up to three metres away without the need for advanced technology. So long as the picture is clear and well-lit, prints can be mimicked.
“Just by casually making a peace sign in front of a camera, fingerprints can become widely available,” Professor Isao Echizen, a security and digital media researcher at the NII, told local paper Sankei Shimbun.
It isn’t the first time the security of biometrics has been called into question. Back in 2015, hacker Jan “Starbug” Krissler recreated Angela Merkel’s iris from a photo and managed to unlock a test.
Unlike passwords, biometrics cannot be easily changed, prompting fears over the safety of people’s personal data.
“We shed physical biometric data wherever we go, leaving fingerprints on everything we touch, posting selfies on social media, and videos with friends and family. Much of this information can then be captured by fraudsters,” said Robert Capps, from biometrics company NuData Security.
“Once biometric data is stolen and resold on the Dark Web, the risk of inappropriate access to a user’s accounts and identity will persist for that person’s lifetime.”
Echizen’s team has created a transparent film that can be applied to finger tips to protect the print from prying eyes. Made of titanium oxide, it prevents fingerprints from being copied without inhibiting unlocking.
But the protective technology won’t be ready for two years and is unlikely to be a widely adopted measure of protection.
Another solution is for companies to make their biometric tests more secure. China-based Goodix is developing a “live” fingerprint scanner that users prints and infrared analysis of underlying tissue and pulse. Going layers deeper could be one way to prevent spoofing.
“The transparent film with white patterns we have developed can prevent identity theft through fake fingerprints from photographed subjects, but does not interfere with identity verification with fingerprint authentication device,” Dr Echizen told the Telegraph.
Japanese government officials last year launched a new system that enables visitors to pay in shops with a touch of the fingertips, after registering their credit card and fingerprints details.
Don’t be a scam victim
- The bank or will never phone you for your PIN or password
- No company will send someone to your home to collect financial information or your bank card. Neither will they ask you transfer money to a new account for fraud reasons
- No business or individual needs to know your personal financial information – including the bank or the police. Do not disclose your PIN, password or personal details unless you are sure of who you are talking to
Do not assume a caller is genuine if they know personal details about you. This could have been garnered elsewhere or pieced together through other means