Researchers at Japan’s National Institute of Informatics have claimed they can accurately copy fingerprints from digital photographs, raising fears that the security of biometric authentication systems could be undermined.
Isao Echizen from the Institute told the Sankei Shimbun that his team was able to copy fingerprints based on photos taken from as far away as three metres, as long as they are in focus and taken in strong lighting, AFP reported.
“Just by casually making a peace sign in front of a camera, fingerprints can become widely available,” the researcher claimed.
He argued that anyone could do so—without the need for advanced technology.
Social media, especially in Asia, is filled with images of individuals making the two-fingered ‘peace’ sign, taken with the increasingly powerful digital cameras found on smartphones.
That could lead to fears over the security of fingerprint-based authentication systems, although it’s not clear how easy it would be to transfer a captured fingerprint into a form which could be used to authenticate.
Researchers famously ‘cracked’ Apple’s TouchID system in the iPhone 5 and 6 models, but the method required a laser-printed image of the fingerprint and then a convoluted process of creating a mould with pink latex milk or white wood glue.
The skill, patience and time needed to do so would deter most criminals.
However, some commentators said the research still serves a valuable purpose in highlighting the problem with static biometric identifiers.
Robert Capps, VP of business development at biometrics firm NuData Security, argued that humans leave fingerprint data behind on everything they touch, adding that researchers have also been able to use photographs to trick iris scanners.
“Once biometric data is stolen and resold on the Dark Web, the risk of inappropriate access to a user’s accounts and identity will persist for that person’s lifetime. As the most stringent of authentication verifications deploy physical biometrics, such as immigration and banking, physical biometric data will become very desirable to hackers,” he argued.
“We can expect more creative attempts by hackers to capture this information. The benefit of passive behavioural biometrics is that the information used to uniquely identify a user is passively collected and dynamically analyzed, and has an extremely limited shelf life of usefulness—making theft and successful reuse of raw behavioural signals nearly impossible.”
For consumers, another option would be to wait two years until the NII launches a new transparent film currently in development, which is designed to hide the wearer’s fingerprints.