The iconic V-finger sign, commonly used to represent peace, is a gesture people often use when posing for photos.
However, a video widely shared on WhatsApp and other social media networks warns people against its use.
The clip claims that crooks can use the images to take high-quality copies of their fingerprints, which they can then use to break into their phones and accounts and steal their money and data.
So how well-founded are the claims?
Simply put, it is technically possible but unlikely in practice.
According to Sarah Morris, professor of digital forensics at the University of Southampton, hackers could theoretically make copies of our fingerprints from the selfies we post online, but only under very specific circumstances.
“We’re talking about the right lighting, the right camera, the right resolution, the right angle of the finger, the right proximity of the finger to the camera,” he told The Cube. “We’re talking about very specific conditions here for this to work.”
“On most phones, it’s going to be really hard to get that level of resolution by holding your hand up when you’re completely away from the camera,” he added.
Frank Breitinger, an associate professor of digital forensics and investigation at the University of Lausanne, came to a similar conclusion.
“You can get sensitive information from good quality images, but otherwise it’s difficult,” he said. “It’s even harder to reuse that data, even if you have it.”
He noted that many social media platforms reduce the quality of photos and videos when they are online, which acts as an additional shield that can help prevent our data from being stolen.
It doesn’t matter how good the potential hacker’s equipment and technology is; If the source data does not have enough detail, the algorithm will not capture enough information to create accurate copies of our fingerprints.
Even in a situation where conditions are perfect for a scammer, it’s unlikely they’ll have the firepower to extract our biometric data from our photos, at least for now.
They will likely be using a software-driven platform, potentially using AI-based technology. It will use an algorithm to extract information about the fingerprint and then convert it into biometric data that can be used.
“As far as I know, this is not common software,” Morris said. “This is certainly not something I have encountered as a practitioner and would be difficult to obtain, currently it can be custom-made.”
Regardless, it’s still important to be wary of potential dangers when publishing content online, especially in the rapidly evolving AI landscape.
To be fair to the video circulating on WhatsApp, it suggests precautions we can take to avoid falling into any hacker’s trap online, such as avoiding clearly showing our fingertips in photos and using filters to blur sensitive areas or information.
But Morris said that’s not entirely necessary right now, because the technology to extract our biometric information isn’t that ready right now. Biometric data is typically stored locally, such as on your phone, so hackers normally need access to the physical device as well to gain access.
“Even if you have that fingerprint, that doesn’t mean you just take this photo and send it to the bank,” Breitinger said. “There’s still more to be done.”
“Let’s say you want to hack into my phone, which is protected by my fingerprint: You still need my phone,” he added, explaining that hackers would need to physically copy the image onto something that could be placed on their finger.
“Most sensors are good enough to detect whether something is dead or not,” he said.
To practice good cybersecurity, experts recommend paying attention to backgrounds and information you might accidentally share in your photos.
Open source intelligence, where people can look at photos and infer where you are and what you’re doing from certain street patterns, books or posters in the background, is a much easier and more common way for people to access your data, Morris said. .
“They also give you clues about things you like, which can help you get catchy questions to help you break into accounts and guess passwords,” he said.
It’s also a good idea to be more careful about sharing close-ups of your eyes or using voice or facial recognition software rather than worrying about fingerprints, according to Breitinger.
“Fingerprints are still one of the biometrics I trust most,” he said. “I would be more worried about deepfakes or someone catching my voice than I would be about someone stealing my fingerprint.”
He recommended avoiding sharing high-quality images of your iris online and making sure you always use two-factor authentication to protect your accounts and data.
Long story short, you’re probably safe to continue spreading peace and victory in your selfies.