The latest digital uproar involves a seemingly harmless gesture: the peace sign in selfies.
Recently, social media has been abuzz with warnings that hackers could potentially extract fingerprints from images of individuals making peace signs. These claims, suggesting that artificial intelligence might be used to enhance such fingerprints, have stirred significant concern and amassed thousands of likes.
“We should just put an end to AI!” exclaimed one Instagram user, whose comment attracted over 16,000 likes. “It poses a clear danger to humanity and doesn’t serve the everyday individual.”
Another user expressed dismay, contemplating changes to their selfie-taking habits.
However, cybersecurity experts reassure that such fears are largely unfounded. While technically feasible, the likelihood of fingerprints being extracted from photos is minimal for most people.
“The odds of this happening in your lifetime are slimmer than being hit by a car tomorrow,” stated Justin Cappos, a cybersecurity specialist and professor at New York University, whose work is utilized by major companies such as Google and Palantir.
Many of the social media posts appear to have stemmed from an April segment on a Chinese television show featuring an expert who showed how taking a peace sign selfie with your fingerprints visible within a few feet of the camera could allow cybercriminals to digitally extract them. If hackers are successful in extracting a fingerprint, they could potentially use it to breach sensitive accounts that use fingerprints for access. Unlike passwords, biometric data can’t be changed.
“This sounds like the stuff out of spy novels or ‘Mission Impossible,’” said Vyas Sekar, an electrical and computer engineering professor at Carnegie Mellon University. “In theory, it’s possible, especially if people are posting high resolution images.”
There have been some cases. In 2014, a hacker reportedly claimed to have cloned a fingerprint of European Commission President Ursula von der Leyen, then Germany’s defense minister, using close-up photos taken at a press event. That same year, a team of security researchers at the cryptocurrency exchange, Kraken, were able to construct a fingerprint from a photo of one marked on a surface with the assistance of photoshop, a printer and glue.
But, even if a hacker were to obtain your fingerprint, to do anything with it, they would need access to the physical scanner your fingerprint unlocks — like on a laptop or a thumbprint pad at a bank.
A hacker also would need to be “fairly determined” and likely choose a “high-value target” that renders a fingerprint valuable, such as someone with access to a high-security facility, Sekar said.
For most people, there’s a higher likelihood of being targeted through a phishing scam like an email containing links to malware or fraudulent websites to extract personal information, Cappos said.
“I don’t think cyber criminals have started to try to weaponize it at any scale,” he said of extracting fingerprints. “Ten years from now, who knows if the landscape has shifted and cyber criminals are using this as an attack vector or something. But definitely, where we are today, this is not going to happen.”
