As fraudsters find new and innovative ways to steal personal information online, a new study from Japan has taken things to another level.
It claims fingerprints can be detected, and therefore stolen, from photos posted on social media, with the “peace sign” being identified as particularly risky.
Nick FitzGerald, Senior Research Fellow at ESET has outlined the extent of the threat, and what consumers can be doing to minimise risks as hackers’ skills and available technologies continue to evolve.
What is fingerprint fraud?
“Use of fingerprints is increasingly being considered as an alternative, or supplemental, authentication to passwords and other more traditional means of authentication. Until recently, this would not have been an option for run-of-the-mill applications, but as ever more smart phones have fingerprint readers built in, adopting fingerprints as a biometric authentication option is an increasingly economical one.
Many users are accustomed to using the fingerprint readers on their phones and other devices to unlock them instead of having to enter a password, PIN, or unlock pattern. Because of the increasing use of this technology and fingerprints being easily accessible, there is a higher risk of fingerprint fraud being used to access private information. This resonates with the recent revelations of Prof. Isao Echizen that our fingerprints may not be safe to be seen in public.”
“Being able to get a clear image of someone’s fingerprints does not solve the problem of creating fake fingerprints, but this has been achieved in a variety of ways in the past when other “good enough” sources of fingerprints have been used for faking prints.
“Further, the makers of fingerprint readers will likely respond that modern print readers also include pulse sensors. However, that does not necessarily obviate using a thin and fake print on suitable adhesive material stuck to a perfectly functional finger.”
What to be aware of on social media:
“Fraudsters often look for small pieces of information about a person online that they can use to form a complete identity. This allows them to easily gain access to things like social media accounts and emails, as well as open credit cards and even obtain a drivers licence in another person’s name.”
“To avoid identity theft, don’t use social media to post, or allow others to post, unadulterated photos of your fingers or fingerprints, passport or national identity cards, airline tickets, credit and bank cards, loyalty cards or even a winning lottery ticket.”
Find more information on how to protect yourself online on We Live Security.
“Other important factors in preventing identity theft on social media include: changing passwords regularly, using passphrases, limiting visible contact information and turning on the ‘approve tags’ option.”
How do you know if your fingerprints have been stolen?
“For now, it is probably very difficult to know if one’s fingerprints have been stolen as very few online services are using, much less requiring, fingerprint authentication. At least thanks to this study, we now know to be careful of exposing an open hand to a camera.”