Claim: New technology allows hackers to extract fingerprints from photographs posted online where a person’s fingertips are visible, when making a peace sign, for example. These biometric details can then be used to hack into someone’s phone or commit a range of cybercrimes, including bypassing authentication processes and hacking into banking accounts. A good way to mitigate this risk is by blurring the fingertips in the photographs that you post on social media.
Fact: Posing for a selfie with your fingertips facing the camera does not necessarily mean that hackers will be able to access your financial data. To be able to successfully hack and extract biometric data, hackers would also require access to the target’s personal devices. A study by Japan’s National Institute of Informatics (NII) was misconstrued and taken out of context to create an alarming and misleading video.
On 15 April 2024, a video was “forwarded many times” on WhatsApp and also shared on Facebook, with the following caption:
“Very important and highly alarming. Be extra careful while posting ur pic on social media. Never show ur fingers to camera.”
The video includes a series of stock photos and clips, with a voiceover claiming that a new technology has been invented which allows for hackers to extract fingerprints from photographs published on social media which are showing the fingertips of someone. These biometric details can then be used to hack into someone’s phone or commit a range of cybercrimes including bypassing authentication processes and hacking into banking accounts. According to this video, a good way to mitigate this risk is by blurring the fingertips in the photographs that you post on social media.
Fact or Fiction?
A report by Refinery29, published in January 2017, titled “Relax: Your Fingerprint Is Very Unlikely To Be Stolen From A Peace-Sign Selfie”. This report cites articles published in the same month pointing towards an alleged threat of clicking ‘peace-sign selfies’. These stories source their claim from a study, conducted by Japan’s National Institute of Informatics (NII).
We also found this article from Financial Times, published in January 2017, titled “Fingerprint theft points to digital danger”. In this article, FT speaks to Isao Echizen, a professor at the National Institute of Informatics in Tokyo. He claims that as camera resolution gets higher and more affordable, it’s becoming possible to image smaller things like fingerprints or an iris. “Once you share them on social media then they’re gone. Unlike a password you can’t change your fingers, so it’s information you have to protect.”
This article from Japanese outlet Shankei Shimbun, published on 9 January 2017 was the first publication to interview Mr Echizen and quote the NII study. It notes that according to the study, “it was necessary to take the photograph in close proximity to the person”. The NII experiments concluded that “images taken at a distance of 3 metres are readable”. The original article gives out little to no information about the experiment conducted by NII which led to this claim.
This article from Snopes, looks into the original piece and explains the translated excerpts which include Professor Echizen’s statements. According to Snopes, the article did not discuss the hacking potential for identity theft. Dr Echizen’s translated statements, taken from Snopes, are attached below:
NII issued a press release on 17 March 2017 on their participation in CeBIT 2017, the world’s largest exhibition for information technology showcasing the Internet of Things (IoT), big data, artificial intelligence, and robotics. Here, they were set to introduce the NII Biometric Security (NII-BioSec), an R&D project aimed at protecting biometric information against the threats arising due to advances in sensor technology and media processing, and will demonstrate BiometricJammer, a method for preventing photographic capture of fingerprint information that neither inhibits fingerprint sensor authentication nor causes any visual discomfort, which is the first in the world to be developed. This means that before this could have become a problem prevalent enough to warrant the alarming tone of the video in the claim, a much stronger preventive technological invention was already in the market.
To effectively engage in identity theft, the hackers would not just require fingerprints, but also the target’s personal devices, if they intend to use their fingerprints to access their personal financial accounts and make any transactions. The feasibility of extracting usable fingerprint data from selfies for identity theft would require not only high-resolution images but also the ability to capture the fingerprints at an angle and clarity sufficient for replication. Moreover, the process of then using these fingerprints to bypass security measures involves additional challenges, such as creating a physical copy of the fingerprint that can deceive biometric scanners.
Refinery29 spoke to Jason Chaikin, the president of Vkansee, a biometric verification company that produces hi-resolution fingerprint sensors for mobile devices. He told them, “There’s no more vulnerability now than there was a year or two years ago. I’m guessing that the recent hype is because one organisation wants to promote a solution to a nonproblem.” He further added, “To get finger ridges is really difficult,” he explains. “9 out of 10 times, the focal point will be on your face and then forget it, your fingers will just look like blurs.”
Onfindo’s Identity Fraud Report 2024 states that selfie-based biometric authentication is “highly effective” against identity fraud. Onfido reports that during the initial nine months of 2021, the typical rate of document fraud stood at 5.9%. In contrast, identification systems that utilised selfies had a significantly lower fraud rate of 1.53%. Furthermore, the use of video selfies reduced the fraud rate even further to a mere 0.17%.
Apart from this, there are no specific documented cases of incidents of fingerprints being stolen from selfie photographs, occurring. NII’s findings themselves were about the creation of thin film which may be put around the fingers and can act as a preventive measure.
In summary, while the theoretical risk exists, the actual extent of the threat posed by using selfies to extract fingerprint data for identity theft purposes is not well-documented, and the practical barriers to such a method suggest that it is not a prevalent issue at this time, contrary to the video which sets an alarming tone against alleged widespread use of selfie photographs to extract fingerprints.
Virality
On WhatsApp, the claim was labelled “Forwarded many times”.
On Facebook, we found that it was shared here, here, here, here, here, here, and here.
Conclusion: A study by Japan’s National Institute of Informatics (NII) was misconstrued and taken out of context to create a misleading video that may alarm viewers. Posing for a selfie with your fingertips facing the camera does not necessarily mean that hackers will be able to access your financial data. To be able to successfully hack and extract biometric data, hackers would also require access to the target’s personal devices.
—
Background image in cover photo: Euronews
To appeal against our fact-check, please send an email to appeals@sochfactcheck.com