A Finger Tip to the Wise
Cyberthieves may be able to steal your prints from photos
THE PEACE SIGN: It seems like an innocuous, two-finger gesture, but flashing it in a photo could get you hacked.
In January, a team from Japan’s National Institute of Informatics demonstrated how fingerprint data could be obtained from photographs taken with a high-resolution digital camera. The copied prints were a near 100 percent match to the original fingerprints—even when the subject was standing up to 10 feet away.
But there’s no need to panic just yet, says Anil Jain, who holds six patents for fingerprint recognition technology. “The chance of that happening is very, very small,” he notes. “Everything has to be right—the illumination, the distance between the camera and the person, the orientation of the finger and so on.”
The lesson, he says: Every security system has pitfalls, including biometrics. We use fingerprint data to unlock our smartphones and even to rent lockers in a theme park. Our irises are scanned and photographs taken when we travel across borders or enter highly secure buildings. “It’s a trade-off between convenience and security,” says Thomas Patrick Keenan, author of Technocreep: The Surrender of Privacy and the Capitalization of Intimacy. “What I worry about is the fact that you can never change your biometrics. It’s not like your credit card number.”
In recent years, the biometrics industry has shifted, using technology such as scanners that can detect if a finger is real and attached to a living person (as opposed to being a silicone replica or a hacked-off finger).
The Canadian startup Nymi has gone a step further: a wristband that measures your unique heartbeat pattern, allowing you to unlock doors, computer terminals and other authentication tools with just a tap of the wrist. Still other companies are working on systems that make use of more unusual biometric identifiers, such as how people walk, how they use a keyboard and even the way they smell.
If this new era of biometrics can deliver the heightened security it promises, that might be something worth flashing the V-sign for.