Biometrics is an increasingly popular alternative to passwords, but it, too, has weaknesses, with people being advised that something as innocent as flashing a peace sign in a photograph could be a gift to fraudsters.
The warning was issued after Isao Echizen, a professor at the Digital Content and Media Sciences Research Division of Italy’s National Institute of Informatics, announced that he had successfully obtained fingerprints from photographs taken from up to three metres away.
This follows an exercise at a security conference in 2015, when Jan ‘Starbug’ Krissler used Angela Merkel’s photo to unlock an iris biometric test.
Robert Capps, VP of business development at biometrics company NuData Security, said:“While physical biometrics will always have a place when it comes to in-person user authentication, there are significant drawbacks to consider when we extend biometric identity verification online. We shed physical biometric data wherever we go, leaving fingerprints on everything we touch, posting selfies on social media and videos with friends and family. Much of this information can be captured by fraudsters. Fingerprints can be stolen from doorknobs and glass and be easily replicated. High-resolution photos, as Isao Echizen demonstrates in this zoom-and-enhance technique, can take a picture from great distances that can be used to copy a physical biometric.”
The warning about biometrics follows an announcement last year by researchers at the University of California, Irvine that they had been able to convert a recording of someone typing while on a Skype call into text, raising the possibility that fraudsters could capture passwords and other confidential material through electronic eavesdropping.