Flashing the peace sign in a selfie could be setting you up for a security nightmare. At least, that is the advice from Isao Echizen, a professor at the Digital Content and Media Sciences Research Division of the National Institute of Informatics.
He has successfully obtained fingerprints from photographs taken from up to three metres away. He specifically warned against the peace sign, as it could give identity thieves the opportunity to match fingerprints with a face.
Robert Capps, VP of business development at the biometrics company, NuData Security, said: “While physical biometrics will always have a place when it comes to in-person user authentication, there are significant drawbacks to consider when we extend biometric identity verification online.
“We shed physical biometric data wherever we go; leaving fingerprints on everything we touch, posting selfies on social media and videos with friends and family. Much of this information can be captured by fraudsters. Fingerprints can be stolen from doorknobs and glass and easily replicated. High-resolution photos, as Isao Echizen demonstrated in this zoom-and-enhance technique, can take a picture from great distances that can be used to copy a physical biometric.
This technique was also brought to wide-scale attention by Jan “Starbug” Krissler when he used Angela Merkel’s photo to unlock an iris biometric test at a security conference in 2015.
“Consumers bear additional risk in using physical biometrics online, as they become static identifiers that can never be changed, and in their digital form, can be stolen, traded, and potentially reused to impersonate the legitimate user. Once biometric data is stolen and resold on the Dark Web, the risk of inappropriate access to a user’s accounts and identity will persist for that person’s lifetime.
As the most stringent of authentication verifications deploy physical biometrics, such as immigration and banking, physical biometric data will become very desirable to hackers. We can expect more creative attempts by hackers to capture this information.
The benefit of passive behavioural biometrics is that the information used to uniquely identify a user is passively collected and dynamically analysed, and has an extremely limited shelf life of usefulness – making theft and successful reuse of raw behavioural signals nearly impossible.”
Comment on this article below or via Twitter: @ VanillaPlus OR @jcvplus
