Japanese scientists are warning consumers to stop flashing the peace sign in selfies because it is possible for identity thieves to detect and capture fingerprints from the image, which can be used to trick biometric sensors increasingly used to secure phones, PCs, financial services and apartment building door-locking systems.
Researchers from Japan's National Institute of Informatics (NII) are warning that fingerprints can be read even if the photograph is taken 3m away from the subject, as long as the index finger and middle finger are clearly visible.
This is a problem because many of these photographs end up on the internet or on popular apps like Instagram.
All an identity thief has to do is find a photograph of you on the internet, analyse your fingerprints visible in the peace sign, and then save your fingerprints with your face.
With your likeness on record and a scan of your prints, they can then attempt to commit identity theft.
In the past, this would only be possible if a cybercriminal had a close-up photograph of your fingers, but with the advent of impressive front and rear-facing cameras on smartphone, the scientists were able to extract the information easily from selfies.
The only saving grace is that this technique is not yet possible with the eyes, so you can't scan someone's retina from a casual photograph.
"Even if you just casually show the peace sign to the camera, your fingerprint can be stolen," Isao Echizu, professor of NII's digital content and media sciences research division told Japanese newspaper Sankei Shimbun.
"Biometric information such as fingerprints cannot be changed over the course of a person's lifetime. I want to raise awareness so people know how to protect themselves."
A tranparent film sticker that stops fingerprint theft
Echizu and his team have developed a new system that can prevent fingerprint identity theft – a transparent film that has white titanium oxide printed on it in a specific pattern. The idea is to put the film on your finger tips to not just obfuscate your fingerprint, but also to create a fake one to confuse cybercriminals.
It might seem like a rather tedious thing to do, but the researchers argue that all you have to do is attach the transparent film to your index finger before you go out, and then, if you need to authenticate your identity to access your smartphone, a financial service or a door, you can still do so by using an authentication device that comes with the film.
Biometric authentication is quickly becoming a way of life as fingerprint scanners are now being shipped to consumers on smartphones and PCs, but the technology is not foolproof.
In 2015, FireEye security researchers discovered that it was possible to create malware that could hack into the Samsung Galaxy S5's fingerprint scanner to capture images of the user's fingerprints without alerting the phone that it was being hijacked.
And before that, in 2013 members of the German white hat hacking group Chaos Computer Club succeeded in hacking the iPhone 5S' Touch ID fingerprint scanner by transposing the owner's fingerprint onto a thin strip of latex.
The same group also succeeded in creating an accurate thumbprint of German defence minister Ursula von der Leyen from photos of her taken at a press conference, and then using a synthetic finger bearing her fingerprint to unlock her smartphone in 2014.