Fact-check: Can hackers steal fingerprints from selfies?

James Thomas
·4 min read
Fact-check: Can hackers steal fingerprints from selfies?

The iconic V-finger sign, commonly used to represent peace, is often a go-to gesture when people pose for pictures.

However, a video being shared widely on WhatsApp and other social media networks warns people against using it.

The clip claims fraudsters can use the images to take high-quality copies of their fingerprints, which they then use to hack into their phones and accounts to steal their money and data.

Experts said they aren't too worried about the video's claims but still urged due caution when sharing content online.
Experts said they aren't too worried about the video's claims but still urged due caution when sharing content online. - Euronews

But how well-founded are the claims?

Simply put, it's technically possible but very unlikely in practice.

Hackers could in theory extract copies of our fingerprints from the selfies we post online, but only in very specific conditions, according to Sarah Morris, professor of digital forensics at the University of Southampton.

"We're talking the right lighting, the right camera, the right resolution, the right angle of the finger, the right closeness of the finger to the camera," she told The Cube. "We're talking very specific conditions here to make that work."

"With most phones, getting that level of resolution from holding your hand up when you're quite removed from the camera is going to be really, really difficult," she added.

Frank Breitinger, associate professor of digital forensic science and investigation at the University of Lausanne, came to a similar conclusion.

"You can get sensitive information from pictures that are of good quality but otherwise it's hard," he said. "Even if you have it, reusing this data is even harder."

He noted many social media platforms also reduce the photo and video quality when they go online, which acts as an additional shield that can help stop our data from being stolen.

It doesn't matter how good the potential hacker's equipment and technology might be; if the source data doesn't have enough detail, then the algorithm won't be able to capture enough information to make accurate copies of our fingerprints.

Even in a situation where the conditions were perfect for a fraudster, it's still highly unlikely they'd have the firepower to extract our biometric data from our photos - at least for now.

They'd likely be using a software-driven platform, potentially using AI-based technology. It would use an algorithm to extract information about the fingerprint and then turn that into biometric data that could be used.

"As far as I'm aware, that's not common software," Morris said. "It's certainly not something I've come across as a practitioner, and it would be difficult to get hold of, it would be bespoke at the moment."

Regardless, it's still important to be mindful of the potential dangers out there when we post content online, especially with the rapidly evolving AI landscape.

To be fair to the video going around on WhatsApp, it does suggest precautions we can take to avoid falling foul of any hackers online, such as avoiding showing our fingertips clearly in photos and using filters to blur out any sensitive areas or information.

But Morris said this isn't entirely necessary right now because the technology to extract our biometrics simply isn't that readily available at the moment. Biometric data is usually stored locally, such as on your phone, so hackers would normally need access to the physical device as well to gain access.

Former British Prime Minister Winston Churchill was widely known as using the V sign as a symbol for 'victory' in World War II.
Former British Prime Minister Winston Churchill was widely known as using the V sign as a symbol for 'victory' in World War II. - AP Photo

"Even if you have this fingerprint, it's not that you just take this picture and submit it to a bank," said Breitinger. "There's still a lot more that needs to be done."

"Let's assume you want to hack into my phone which is protected with my fingerpint: You still need my phone," he added, explaining that hackers would need to physically replicate the image into something that can be placed on their finger.

"Most sensors are good enough to detect if something is dead," he said.

To practice good cybersecurity, experts suggest being mindful of the backgrounds and information you might accidentally share in your pictures.

Morris said open source intelligence, where people can look at photos and deduce where you are and what you're doing from specific street layouts or books or posters in the background, is a far easier and more prevalent way for people to access to your data.

"They also give clues about the kinds of things you like that might help get memorable questions to get into accounts and guess your passwords," she said.

It's also a good idea to be more wary of sharing closeups of your eyes, or using voice or face recognition software, according to Breitinger, rather than worrying about fingerprints.

"Fingerprints are still one of the biometric features I trust the most," he said. "I would be more worried about deepfakes or someone capturing my voice than I would be someone stealing my fingerprint."

He suggested avoiding sharing high-quality pictures of your iris online, as well as always making sure to use two-factor authentication to protect your accounts and data.

Long story short, you're probably safe to keep spreading peace and victory in your selfies.