Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Privacy Japan Security Software Science Hardware Technology

Japan Researchers Warn of Fingerprint Theft From 'Peace' Sign ( 119

Tulsa_Time quotes a report from Phys.Org: Could flashing the "peace" sign in photos lead to fingerprint data being stolen? Research by a team at Japan's National Institute of Informatics (NII) says so, raising alarm bells over the popular two-fingered pose. Fingerprint recognition technology is becoming widely available to verify identities, such as when logging on to smartphones, tablets and laptop computers. But the proliferation of mobile devices with high-quality cameras and social media sites where photographs can be easily posted is raising the risk of personal information being leaked, reports said. The NII researchers were able to copy fingerprints based on photos taken by a digital camera three meters (nine feet) away from the subject.
This discussion has been archived. No new comments can be posted.

Japan Researchers Warn of Fingerprint Theft From 'Peace' Sign

Comments Filter:
  • by Anonymous Coward

    Fix your fucking website already

    • by Anonymous Coward

      Slashdot has ads?

    • by Hylandr ( 813770 )

      You're not running ad-block pro?

      Tsk, Tsk.

      • Isn't Adblock Pro the one that sold out?

        Pretty sure uBlock Origin is one of the few that isn't whored-out these days.

        • by Hylandr ( 813770 )

          I don't pay anything, and I turned off the 'tasteful ads'.

        • I'm not sure they sold out, but they were never really against ads in the first place. They were against dangerous/intrusive/annoying ads but still understood that ads pay for things and sought a fair compromise.

          • That is why I still use Adblock, and allow the unintrusive ads.

            That said I have a few disagreements with what it finds unintrusive. Wikipedia ads are IMO intrusive, as are those ones that pop up a few minutes after you start reading an article or webpage and grey out the page.

  • by Anonymous Coward

    Years of burning their fingers on the glass bong have rendered this technique ineffective.

  • by Anonymous Coward

    Fingerprints and other biometric information should only be used for identification and not for authentication.

  • Sigh. (Score:5, Insightful)

    by ledow ( 319597 ) on Thursday January 12, 2017 @04:38AM (#53652543) Homepage

    Fingerprints are not used for authentication, right? So it's not a problem, is it?

    Even the kids in my school get this - you do have to explain the first time but then it's obvious to them.

    Where do you write down your password? Almost nowhere (some of our kids have password in their planners and things like that, but they have no access anyway).

    Where do you leave your fingerprint? Everywhere you go, on everything you touch, including the device you're logging into, and every device you've ever logged into.

    Though we don't get high-level attacks, I feel that users need to only have this explained once to question the James Bond etc. concept of using fingerprints for doors, high security facilities, etc.

    The fact that cameras are at the point that you can photograph someone's fingerprint? That's been true for a little while. That means that Trump / May / whatever leader's fingerprints have basically been public-domain for the world's spies for many years. Hence you should be SERIOUSLY questioning use of fingerprints as anything more than convenience or casual use.

    • by JanneM ( 7445 )

      Finger prints are fine for identification, not verification. They're your username, not your password. If you do use them like that they are not dangerous.

      But of course nobody does; US, Japan and other countries all use fingerprints to verify the password identity for instance. And as a result they catch multiple people here in Japan every year that entered the country with fake fingerprints. And since they just catch people that happen to get arrested for some other reason, it probably means there's hundre

    • Yeah, try explaining why your finger print is all over a crime scene.

      • Assuming you have more than one finger, and especially if you have an alibi, it shouldn't be terribly difficult.

      • You're talking about identification, which is related to authentication, but isn't quite the same. Just as your username is used to identify you, so too is your fingerprint used to identify you. But just as your username isn't sufficient in and of itself to authenticate your identity (i.e. I can't log in as you by simply knowing your username), and so too should your fingerprint be insufficient to authenticate your identity.

        The police can identify you using your fingerprint just fine, but that doesn't mean

    • Fingerprints are not used for authentication, right?

      Not sure about the States, but in Japan many of the banks have biometric devices on the ATMs to read fingerprints. From the placement of the devices, I would say the thumb is unlikely to be used, and I would suppose that most people use their index finger.

      Also there are a lot of smartphones with fingerprint recognition, and I have two computers with it (though I'm not using it because I don't regard it as secure).

    • "Fingerprints are not used for authentication, right? So it's not a problem, is it?"

      Fingerprints are the most convenient form of authentication, but you have to consider the surroundings. If someone grabs your phone, he is highly unlikely to have taken high-res photos of your fingertips, or to have been able to prowl around in your home and lift fingerprints. For a desktop, on the other hand, the lifted fingerprint attack is a simple and obvious one.

    • by syn3rg ( 530741 )
      And that is why I only use a single digit, facing me, as a hand gesture...
      • by Wolfrider ( 856 )

        --Maybe we should start giving people the "flying V" (like the Brits do) for photos...

    • biometrics in general are a fine second layer of authentication, they should not be a primary level of authentication for 2 reasons.
      1) they are generally not horribly hard to fake.
      2) once someone has figured out how to fake your biometric data it isn't like you can change it.

      Since Roman times there have been 3 ways to 'establish trust' Something you have, something you know, something you are.
      So the best anyone can do is this something you know( password or pin) tied to something you have ( smart device,

    • by Macdude ( 23507 )

      I've said for years:

      Fingerprint* = Identification, not authorization.
      Think of your fingerprint being your user ID, not your password.

      * This applies to any biometric identification system, e.g. retina scans.

    • Where do you leave your fingerprint? Everywhere you go, on everything you touch, including the device you're logging into, and every device you've ever logged into.

      Specifically, you are leaving your fingerprint on the very device you are trying to log in to. If a thief wants to find it, he doesn't have to go very far.

    • Fingerprints are not used for authentication, right?

      Wrong. Fingerprints are great authenticators (and not particularly good identifiers; uniqueness guarantees are very weak), but the authentication is derived from the integrity of the measurement process, not the secrecy of the fingerprint.

      That is, the security of a fingerprint-based authentication is primarily derived from the assurance you have that the fingerprint being measured is an actual body part and not some simulacrum. In the case of attended authentication stations, where a guard examines your f

  • by Anonymous Coward

    Coming next: Seconds after the moment you shake hands with me, all your personal datas are belong to us.

  • by Anonymous Coward on Thursday January 12, 2017 @04:39AM (#53652547)

    The NII researchers were able to copy fingerprints based on photos taken by a digital camera three meters (nine feet) away from the subject.

    Instead of making a peace sign when having your photo taken, an obvious solution is to flip the bird instead! Your fingerprints are facing away from the camera. All of the problems are solved, once and for all!

  • by Hylandr ( 813770 ) on Thursday January 12, 2017 @04:41AM (#53652551)

    I would much rather have a photo of my fingers stolen than have my fingers, or finger tips stolen!

  • by Anonymous Coward on Thursday January 12, 2017 @04:55AM (#53652581)

    German defense minister got her fingerprints "stolen" in a similar fashion two years ago [].

  • They're saying they have the fingerprints of every Japanese female under the age of 30.

    • They're saying they have the fingerprints of every Japanese female under the age of 30.

      Hmmm . . . so if we photograph gang members, tossing gang sings, the police can build a database of gang members, with their fingerprints.

      This is why when strangers photograph me, I flip them the bird, not a peace sign. Then they don't get my fingerprint, since it is not facing them.

      • by JanneM ( 7445 )

        This is why when strangers photograph me, I flip them the bird, not a peace sign. Then they don't get my fingerprint, since it is not facing them.

        Most parts of your skin has distinctive, unique patterns. You can get a unique print from your elbow, wrist, knuckles, knees... And you tend to leave such marks around too, if less commonly than fingers.

  • by Chrisq ( 894406 ) on Thursday January 12, 2017 @05:46AM (#53652685)
    It's the V for victory
  • by MadTinfoilHatter ( 940931 ) on Thursday January 12, 2017 @05:50AM (#53652693)
    The proposed solution is to hold your hand the other way around exposing only your fingernails. ;-)
  • by SlashDread ( 38969 ) on Thursday January 12, 2017 @05:53AM (#53652701)

    on your forehead right? For anyone to see?

    Then why do people think information you leave all over the place is a replacement for a password?

  • When I pass through border control they cannot even get my fingerprints when I'm touching the glass. And now a blurry mobile phone would be able to do better from several meters away?

    I guess the next warning will be to always wear gloves, otherwise you will be leaving a trail of fingerprints everywhere you go...

    • by swb ( 14022 )

      I can only assume this involves the best cameras under good conditions.

      I did a google image search for peace sign and only what look like stock photos and at high resolutions even remotely resolved even the most basic topology of the finger tips, but even then when zoomed in it was far too blurry to see anything resembling a fingerprint that could be duplicated.

      Everything else? A facebook photo where the hand is 5% of even a high resolution facebook picture? You're talking a pixel subset of maybe a few hu

  • by azrael29a ( 1349629 ) on Thursday January 12, 2017 @06:30AM (#53652773)
    I guess the horns "\m/" sign is also affected, even though you're displaying only your index and pinky fingers. The vulcan greeting sign "_\\//" would be the worst to photograph, since it displays all the fingerprints.
  • As Japanese photos gradually become less peaceful...
    British photos gradually become more well behaved.

    Assuming people stop holding up those 2 fingers.

    • HA! I am now in possession of the fingerprints from the famous Briton, Winston Churchill! I bet I can get into many secret places with them and do many evil deeds!

  • by Anonymous Coward

    The sign they are talking about is the V of Vrijheid and Victoire, after the Dutch word for Freedom and the French word for Victory. People in occupied Belgium used it during WWII. The gesture was used as a response to the Nazi salute, and was used every time the Germans lost a battle (the news was spread by the BBC). This way the people managed to scare the German soldier, and indirectly instructed them to be nice and to not commit war crimes. This sign was adopted in both the Netherlands and France and wa

    • Further, it's not uncommon for Japanese people when being photographed while making the gesture to also say the Japanified version of the English word "Victory" (sounding sort of like "Wikutorii"), similar to how Americans say "cheese", causing a smiling face.
  • They should just reverse the hand gesture and show the camera their fingernails.

  • Glove Manufacturers report an encouraging spike in sales
  • Anyone can have their hands photographed and fingerprints stolen. Who the fuck came up with the fearmongering scare tactic that singles out making the peace sign as a way of stealing fingerprint data? That's so fucking lame.

"In the face of entropy and nothingness, you kind of have to pretend it's not there if you want to keep writing good code." -- Karl Lehenbauer