A new study out of Japan claims fingerprints can be detected, and potentially stolen, from photos posted on social media.
Nick FitzGerald, senior researcher at ESET, says the use of fingerprints is increasingly being considered as an alternative, or supplemental, authentication to passwords and other more traditional means of authentication.
“Until recently, this would not have been an option for run-of-the-mill applications, but as ever more smart phones have fingerprint readers built in, adopting fingerprints as a biometric authentication option is an increasingly economical one,” he explains.
“Further, many users are accustomed to using the fingerprint readers on their phones and other devices to unlock them instead of having to enter a password, PIN, or unlock pattern.
FitzGerald adds that because of the increasing use of this technology and fingerprints being easily accessible, there is a higher risk of fingerprint fraud being used to access private information.
“This resonates with the recent revelations of Prof. Isao Echizen that our fingerprints may not be safe to be seen in public in 2017,” he says.
“Being able to get a clear image of someone's fingerprints does not solve the problem of creating fake fingerprints, but this has been achieved in a variety of ways in the past when other “good enough” sources of fingerprints have been used for faking prints.
He explains that when using social media, fraudsters often look for small pieces of information about a person that they can use to form a complete identity.
“This allows them to easily gain access to things like social media accounts and emails, as well as open credit cards and even obtain a drivers licence in another person's name,” says FitzGerald.
“To avoid identity theft, don't use social media to post, or allow others to post, unadulterated photos of your fingers or fingerprints, passport or national identity cards, airline tickets, credit and bank cards, loyalty cards or even a winning lottery ticket,” he adds.
“Other important factors in preventing identity theft on social media include: changing passwords regularly, using passphrases, limiting visible contact information and turning on the ‘approve tags' option.