Japanese report says peace signs make fingerprint data vulnerable

If flashing a peace sign is your go-to selfie move, you might want to think about coming up with a new signature look. Turns out, your light-hearted display of goodwill to the world could be putting your personal data at risk — if you come across a truly determined hacker, anyway.

According to research from a team at Japan’s National Institute of Informatics (NII), cyber thieves can lift your fingerprints from a photo in order to access your biometrically protected data (like the info secured on your iPhone by the Touch ID system). But while it’s technically possible, biometrics experts say there’s no need to panic.

The NII team’s report focuses on the personal security threats posed for social media users who share lots of publicly accessible pictures. Using a set of photos taken by a camera placed about three meters away from a subject, the team was able to recreate the fingerprints accurately. 

The Japan Times reports that NII researcher Isao Echizen told Sankei Shimbun, a Japanese language newspaper, that peace signs could be exploited without much effort.

“Just by casually making a peace sign in front of a camera, fingerprints can become widely available,” he told the paper. 

But this possible selfie-security breach isn’t really breaking news. In 2014, Berlin-based hacker collective Chaos Computer Club (CCC) demonstrated its “fingerprint cloning” capabilities in a real world demo, claiming to have accurately recreated German Defense Minister Ursula von der Leyen’s print.

That’s a much more convincing threat than one from a group of researchers only claiming to have reproduced the methodology — and CCC’s demonstration was over two years ago, too. So why didn’t we hear about this then and retire peace signs back in 2014, along with the Ice Bucket Challenge?   

Simple: it’s way too complicated to actually be of much concern. 

The good news: “It’s really not that easy”

According to Jason Chaikin, President of biometric verification company Vkansee, the high barrier of entry for these thieves makes the crime not worth the time. It’s a complicated multistep process, with molds and models needed to recreate the actual thumb print once they’re digitally lifted. 

“Ultimately, it’s really not that easy,” he told Mashable

“If you look at 100 pictures of people staring into a megapixel camera flashing the piece sign, probably less than 30 percent have the right type of lighting. Secondly, if you have a picture that works, there’s a real craft to being able to take that, size it, bring it into another application and print it out in the right scale with the right form and then transfer that to a mold to then make an impression.”

What really makes a fingerprint heist improbable is that the thieves actually need to physically possess the point of biometric entry to break into a device. Sure, they might be able to gain access to your fingerprint information after a good amount of hacking and hard work, but they’ll need your iPhone’s actual home button, for example, to gain access to the system. 

In response to these security threats, Chaikin says biometrics companies and phone makers alike are upping their security standards. His company reads prints at 2000dpi resolution, well above the standard 500dpi. Others are experimenting with sensors that capture pulse and varying degrees of pressure when they read prints, which can help to weed out the fakes.

The NII developed a solution for this non-problem, which is likely why its research hit the internet today. It claims to have created a transparent titanium oxide film for the fingertips, which can both hide the wearers prints in pictures and serve as a secondary print for devices. The tech won’t be available for two years — but by then, the minuscule security breach will likely be closed by the innovations Chaikin hinted at.  

Still, you could switch the routine up to stay extra safe. For some next level selfie action, just flip your hand around to chuck up the deuce instead. Look how ~chill~ Amy Pohler looks throwing it down at the Golden Globes:

It conveys the same sentiment — without any threat of having your data stolen, no matter how small.