Isao Echizen, a researcher at Japan’s National Institute of Informatics, told a reporter from the Sankei Shimbun that he had successfully captured fingerprints from photos taken at 3m distance at sufficient resolution to recreate them and use them to fool biometric identification systems (such as fingerprint sensors that unlock mobile phones).
Echizen’s research page doesn’t provide any more details, and the English-language accounts do not provide links to the Japanese newspaper article, so details are sketchy. According to Agence France Press, the technique requires well-lit photos that are in focus, but does not appear to require special cameras.
The news hook for this is that flashing the peace-sign in photos — as is common in Japan and elsewhere — could expose your fingerprints. This is true! It’s also true that cameras’ resolution, sensor-speed, low-light sensitivity and autofocus capabilities are on the rise, so this is eminently plausible (after all, a fingerprint sensor is just a camera that takes pictures of your fingerprints).
Recreating fingerprints from photos isn’t new. In 2012, a military contractor claimed it could undertake this feat from 6m; in 2014, Starbug demonstrated a DIY method for doing the same.
What’s more, efforts to harden fingerprint sensors against recreations have been a failure: in 2013, CCC hackers defeated Apple’s countermeasures. Last year, researchers at MSU built showed a method for manufacturing fake fingerprints that could fool phone sensors, all for less than $500; then a design student at RISD made a clever, rubber finger that did the same. There’s even a gory procedure for grafting fake fingerprints onto your real fingertips.
Biometrics are poor authentication tokens, because they’re intrinsically not secrets. In 2008, privacy activists lifted the German Interior Minister’s fingers off a waterglass and printed 10,000 sets on acetate that were distributed with a national magazine.
What’s more, when your fingerprints leak, you can’t get new ones (just ask the 22,000,000 Americans whose fingerprints were leaked to Chinese spies in the OPM hack.
Given all this precedent for this kind of thing, it’s worth asking why this unpublished, unreviewed research caught so much news attention. I give credit to the news-hook: this is being reported as a risk that young women put themselves to when they flash the peace sign in photos. Everything young women do — taking selfies, uptalking, vocal fry, using social media — even reading novels! — is presented as a) unique to young women (even when there’s plenty of evidence that the trait or activity is spread among people of all genders and ages) and b) an existential risk to the human species (as in, “Why do these stupid girls insist upon showing the whole world their naked fingertips? Slatterns!”)
Japan researchers warn of fingerprint theft from ‘peace’ sign
[AFP]
(via /.)
(Image: Sweet Japan, Ragez, CC-BY)