In the Magazine Tech & Science

How Flashing a Peace Sign Could Get You Hacked

03_31_fingerprints_01
In January, a team from Japan’s National Institute of Informatics demonstrated how fingerprint data could be obtained from photographs taken with a high-resolution digital camera. The copied prints were a near 100 percent match to the original fingerprints—even when the subject was standing up to 10 feet away. Catur Kurniawan/EyeEm/Getty

A pose is struck, the peace sign flashed, and a photo is snapped. It seems innocuous, but a team of Japanese researchers warns that flashing the familiar two-finger gesture could get you hacked.

In January, a team from Japan’s National Institute of Informatics demonstrated how fingerprint data could be obtained from photographs taken with a high-resolution digital camera. The copied prints were a near 100 percent match to the original fingerprints—even when the subject was standing up to 10 feet away.

But there’s no need to fly into panic just yet. Anil Jain, who teaches computer science at Michigan State University and holds six patents for fingerprint recognition technology, says, “The chance of that happening is very, very small. Everything has to be right—the illumination, the distance between the camera and the person, the orientation of the finger and so on.”

RELATED: Why fingerprint data may not be secure

The lesson, he says, is that every security system has pitfalls, including biometrics. We use fingerprint data to unlock our smartphones, purchase things and even rent lockers in a theme park. Our irises are scanned and photographs taken when we travel across borders or enter highly secure buildings. “It’s a trade-off between convenience and security,” says University of Calgary professor Thomas Patrick Keenan, author of Technocreep: The Surrender of Privacy and the Capitalization of Intimacy. “What I worry about is the fact that you can never change your biometrics. It’s not like your credit card number, where if you lose your card, you get a new number.”

In recent years, the biometrics industry has shifted from relying on static biometric features like fingerprints and irises to dynamic ones, using technology such as scanners that can detect if a finger is real and attached to a living person (as opposed to being a silicone replica or a hacked-off finger).

The Canadian startup Nymi has gone a step further: a wristband that measures your unique heartbeat pattern, allowing you to unlock doors, computer terminals and other authentication tools with just a tap of the wrist. Still other companies are working on systems that make use of more unusual biometric identifiers, such as how people walk, how they use a keyboard and even the way they smell.

If this new era of biometrics can deliver the heightened security it promises, that might be something worth flashing the V-sign for.