Duplicate the fingerprints through a simple photo?

In recent days, the media have echoed about a piece of news that warns about the possibility of duplicating fingerprints with a simple photograph of the mobile. Is it really possible? Can our security be at risk?

In the last two weeks, national and international media have published a notice alerting about a possible security problem. “The National Institute of Information of Technology of Japan has developed a method that allows copying fingerprints from photographs taken up to three meters away with a digital camera”. This of course includes any selfie we do and then upload to the networks.

In By we are experts in biometrics, and we have the responsibility to shed some more light on the subject. Can you really get the biometric pattern of a fingerprint with a simple photo? And would it be possible to use such a pattern for fraudulent purposes?

It is obvious to say that the digital cameras of any mobile phone are increasingly powerful and have a very high resolution. While it may be possible for a simple photo (which should be perfectly focused and illuminated to begin with), to give us a clear picture of our fingerprint, much more is needed to obtain a clear biometric pattern.

Biometric fingerprint patterns

To begin with, the biometric patterns are not only based on the shape of the lines of our fingerprint, but also on the depth of the valleys and the ridges that make it up. This factor alone, already complicates notably obtaining a biometric pattern from the photo of a fingerprint: Obtaining accurate three-dimensional information in which the slightest variation is appreciated, starting from a two-dimensional image, is really complicated.

On the other hand, even in the hypothetical case of achieving that pattern, there would be no risk at all, since the quality of fingerprint sensors (such as those used by By in their biometric readers) are not limited to reading only the pattern, but also incorporate “liveness” confirmation techniques and “anti-spoofing” techniques, or what is the same, “finger” and “anti-impersonation” confirmation techniques. These techniques, combined with advanced algorithms for extracting and comparing biometric patterns, provide false positive rates of less than 1/10,000,000,000.

In addition, high security systems (such as the NÜO case) should extend their security requirements also to the information and communications infrastructure that supports the execution of their platform. At By we are very aware of this, and that is why we have developed an appliance specifically adapted and configured for the safe execution of the NÜO platform, which also provides guarantees of uninterrupted operation of high availability systems.

In short, we could say that if obtaining a fingerprint pattern starting from a two-dimensional image made with a simple mobile, is something close to impossible, the task of supplanting an identity would also be truncated by the “liveness”, “Anti-spoofing” confirmation techniques, by the advanced algorithms used in the comparison of biometric patterns and by the high security standards of the computer and communications structures that support the platforms.

Parece que al menos por el momento, podemos estar tranquilos. Nuestra identidad está protegida gracias a la innovación, las avanzadas técnicas de seguridad y al desarrollo de la biometría.

It seems that at least for the moment, we can heave a sigh of relief. Our identity is protected thanks to innovation, advanced security techniques and the development of biometrics.

Do you want us to help you?

Contact us at info@by.com.es or call us at +34 91 870 71 93.

Leave a Reply

For security reasons and to avoid comments like spam, a valid email must be entered in order to comment on the entries in the BY Tech blog. This information will never be used neither for commercial purposes nor for any purpose other than the validation of system security.

The personal data you provide to us by filling in this form will be processed by BY TECHDESIGN, S.L., as the data controller of this website.

The purpose of collecting and processing the personal data we request will be to relate to you and be able to provide our services and respond to your enquiries or requests. The legitimacy is through the express consent of the data subject.

We store your data during our relationship and for as long as the applicable laws bind us. You may contact us at any time to find out what information we have about you, rectify it if it is incorrect and erase it once our relationship has concluded.

You may exercise your rights to access, rectification, restriction, portability and the erasure of data at arco@by.com.es. If you believe that your rights have been violated, you may file a claim with the Spanish Data Protection Agency (www.aepd.es).

You may consult additional and detailed information in our DISCLAIMER, and specifically in section 4 concerning the “Privacy Policy”.