AI could steal fingerprints from high-resolution selfies, experts warn

Daniel Sims

Posts: 2,458   +74
Staff
The takeaway: Although fingerprint authentication has known security limitations, modern laptops, tablets, and smartphones continue to rely on it for device unlocking and passkey authentication. As phone cameras become increasingly powerful, security experts are warning that lifting fingerprints from ordinary photos is becoming more feasible.

Reports circulating in China this week reignited concerns around the issue after experts claimed that photos showing fingers facing directly toward a camera from within roughly five feet could potentially reveal enough detail to recreate fingerprints. In theory, attackers could use the resulting images to spoof biometric scanners tied to phones, laptops, payment systems, or online accounts.

Financial expert Li Chang warned that photo editing software and AI tools can sharpen fingerprint ridges hidden in everyday selfies. Jing Jiwu, a professor at the University of Chinese Academy of Sciences, added that while lighting, motion blur, and focus still complicate the process, high-resolution images or multiple photos can significantly improve the odds of extracting usable fingerprint data.

The discussion quickly went viral across Chinese social media platforms, largely because the "peace" or "V" hand gesture remains a staple of selfies throughout much of Asia.

The underlying concept is not new. Security researchers have been demonstrating fingerprint reconstruction attacks for more than a decade, but advances in smartphone camera hardware are steadily lowering the barrier.

German biometrics researcher and Chaos Computer Club member Jan Krissler famously bypassed Apple's Touch ID system shortly after it debuted in 2013. A year later, he demonstrated that it was possible to recreate the fingerprints of Germany's defense minister using publicly available photographs of her hands.

At the time, however, the process remained impractical for most attackers. Reproducing fingerprints typically required multiple high-resolution images, controlled conditions, and specialized processing techniques. More recent demonstrations suggest the attack surface is gradually widening as modern smartphone cameras deliver sharper images with increasingly sophisticated computational photography.

In 2021, researchers at Kraken Security Labs demonstrated a method that reportedly required only a fingerprint photograph, Photoshop, a laser printer, and wood glue to create a working spoof fingerprint. Researchers have also hacked fingerprint scanners from the software end, and police have made arrests by matching photos of suspects' hands with fingerprint databases.

Despite those concerns, fingerprint authentication remains widely used across products laptops, iPads, and countless Android smartphones. The reason is simple: convenience. Biometrics dramatically reduce friction compared to passwords while still offering meaningful protection against casual theft or unauthorized access.

Permalink to story:

 
Passwords are already obsolete… fingerprints and retinal scans are next… 2-factor authentication (which also has vulnerabilities) is still the best security…

The vulnerabilities with fingerprints and 2-factor are mitigated as they at least have to be targeted to a specific individual.

Too many bulk password lists available on the dark web to trust anyone’s security to a password - no matter how “strong” you think it is.
 
What?? And what's going on??

This article is 3 hours old and yet the club is missing!!

The club? Ah yes, the club (The Big Biz and AI are our Benign Overlords Club + the 2 other individuals who are on either side of the fence, depending on what they had for lunch), have not jumped in to tell us how amazing and beneficial AI is!!

Even, yes even when it is used to steal peoples' finger prints from pictures (and we should stop being hysterical and negative about AI, their beloved and hugely moneyed benefactor)!!

It's like the Twilight Zone here suddenly! Should we worry about their missing shillage* ??

*: Shi-ll-age: Noun, used with people whose actions are irrationally weird and preposterous but are busy defending the the indefensible, especially when large sums of money (investments / payments etc) are involved.
 
What?? And what's going on??

This article is 3 hours old and yet the club is missing!!

The club? Ah yes, the club (The Big Biz and AI are our Benign Overlords Club + the 2 other individuals who are on either side of the fence, depending on what they had for lunch), have not jumped in to tell us how amazing and beneficial AI is!!

Even, yes even when it is used to steal peoples' finger prints from pictures (and we should stop being hysterical and negative about AI, their beloved and hugely moneyed benefactor)!!

It's like the Twilight Zone here suddenly! Should we worry about their missing shillage* ??

*: Shi-ll-age: Noun, used with people whose actions are irrationally weird and preposterous but are busy defending the the indefensible, especially when large sums of money (investments / payments etc) are involved.
That a bit of an odd post, kind person.
 
What?? And what's going on??

This article is 3 hours old and yet the club is missing!!

The club? Ah yes, the club (The Big Biz and AI are our Benign Overlords Club + the 2 other individuals who are on either side of the fence, depending on what they had for lunch), have not jumped in to tell us how amazing and beneficial AI is!!

Even, yes even when it is used to steal peoples' finger prints from pictures (and we should stop being hysterical and negative about AI, their beloved and hugely moneyed benefactor)!!

It's like the Twilight Zone here suddenly! Should we worry about their missing shillage* ??

*: Shi-ll-age: Noun, used with people whose actions are irrationally weird and preposterous but are busy defending the the indefensible, especially when large sums of money (investments / payments etc) are involved.
This has nothing to do with "AI good" or "AI bad"... might as well argue "tech good / tech bad"...

Tech always progresses - AI is simply the latest tool technology has given us. Just like every other tech, some will use it to benefit humanity (the medical field LOVES AI) while others will misuse it.

Don't blame the tech - blame the humans who use it.
 
From what I've read, my opinion, you are safer from a search without a warrant of your device using a password or PIN than biometrics. Biometrics are viewed as physical keys, where they cannot compel a password\PIN from you because it is considered "testimonial" (5th amendment self incrimination...etc.).

It is a legal grey area, which can vary from state to state. Consult a lawyer!
 
The worst fear I have associated with this is not what hackers can do with this technology but rather what countries like N Korea and China will do.
 
AI already caused global slowdown in consumption. One, by making electronics unaccesible, second, through election donations, sponsoring Trump second term, that brought as Iran conflict and tarrifs. I'm waiting for those guys on top to wake up one day and realise The World has moved to slow, agrarian economy of close to home grown potatoes, that doesn't buy electronics because They dont use money anymore. Sounds too utopian? Well, I'm old enough to remember those 80s-90s science fiction when We were suppose to have little food to eat, little air to breath, little water to splash toilet, all living in overpopulated cities run by Jakuza run megacorporations, while robots took our jobs. While It all happened, now I'm waiting for meteor to send us to middle ages.
 
Oh noes AI will be able to unlock my phone and iPad.
And then read my ebooks.
As it's quite likely these AI's have already read all the (e)books I have I'm not sure why I'm panicking. I'll think of something!
 
Just please tell me when the technology exists where I can text a fart
 
This has nothing to do with "AI good" or "AI bad"... might as well argue "tech good / tech bad"...
Of course. Quite frankly, it's absurdly simple-minded to believe sophisticated image processing ability like this is bad; it has literally tens of thousands of applications. Here's just one:

AI Image Processing Unlocks Hundreds of Cosmic Anomalies in Hubble Archive Data

 
My saving grace is that I am too unremarkable for anyone to put in the effort to find and steal **** from me.
I just don't use biometrics because they can be used for warrantless searches. im more afraid of warrantless searches than I am of someone stealing my identity, not that I have anything to steal in this economy, anyway.
 
This is old tech and has been around for years.. its just finally reaching civilian sector.
 
What's underappreciated here is that fingerprints are fundamentally broken as an authentication factor in a way passwords aren't. You can change a password. You get ten fingerprints, total, for your entire life, and you're leaving them on every surface you touch. The threat model has always been worse than people assumed, cameras just keep making it more obvious.
 
Maybe use AI to change your very important ego-enhancing selfie fingerprints to send tiny personalized messages to anyone motivated to pull a Bond villain stunt like copying them from said selfies.
 
Every time you make a store purchase and have to press your finger against a screen, there's a potential to harvest your print. Also, every time you lick an envelope to seal it, you leave behind your DNA.
 
Back