In recent days, the media have echoed about a piece of news that warns about the possibility of duplicating fingerprints with a simple photograph of the mobile. Is it really possible? Can our security be at risk?
In the last two weeks, national and international media have published a notice alerting about a possible security problem. “The National Institute of Information of Technology of Japan has developed a method that allows copying fingerprints from photographs taken up to three meters away with a digital camera”. This of course includes any selfie we do and then upload to the networks.
In By we are experts in biometrics, and we have the responsibility to shed some more light on the subject. Can you really get the biometric pattern of a fingerprint with a simple photo? And would it be possible to use such a pattern for fraudulent purposes?
It is obvious to say that the digital cameras of any mobile phone are increasingly powerful and have a very high resolution. While it may be possible for a simple photo (which should be perfectly focused and illuminated to begin with), to give us a clear picture of our fingerprint, much more is needed to obtain a clear biometric pattern.
To begin with, the biometric patterns are not only based on the shape of the lines of our fingerprint, but also on the depth of the valleys and the ridges that make it up. This factor alone, already complicates notably obtaining a biometric pattern from the photo of a fingerprint: Obtaining accurate three-dimensional information in which the slightest variation is appreciated, starting from a two-dimensional image, is really complicated.
On the other hand, even in the hypothetical case of achieving that pattern, there would be no risk at all, since the quality of fingerprint sensors (such as those used by By in their biometric readers) are not limited to reading only the pattern, but also incorporate “liveness" confirmation techniques and “anti-spoofing” techniques, or what is the same, “finger” and “anti-impersonation” confirmation techniques. These techniques, combined with advanced algorithms for extracting and comparing biometric patterns, provide false positive rates of less than 1/10,000,000,000.
In addition, high security systems (such as the NÜO case) should extend their security requirements also to the information and communications infrastructure that supports the execution of their platform. At By we are very aware of this, and that is why we have developed an appliance specifically adapted and configured for the safe execution of the NÜO platform, which also provides guarantees of uninterrupted operation of high availability systems.