One of the latest culprits of online panic has arrived in the form of a peace sign selfie.
Social media posts claiming that hackers can extract fingerprints from photo subjects flashing peace signs online and enhance them using artificial intelligence have garnered thousands of likes and sparked anxiety for some.
“Just end AI already!” wrote one Instagram user, whose comment received more than 16,000 likes. “It’s clearly a threat to humanity and not here to help regular people.”
Another Instagram user lamented that they will have to change how they take their selfies.
Experts say that’s probably not necessary. While it is possible for fingerprints to be pulled from a photo, the risk is low for the average person.
“You have a better chance of being hit by a car tomorrow than this happening to you in your lifetime,” said Justin Cappos, a New York University professor and cybersecurity expert whose research has been adopted by companies like Google and Palantir.
Many of the social media posts appear to have stemmed from an April segment on a Chinese television show featuring an expert who showed how taking a peace sign selfie with your fingerprints visible within a few feet of the camera could allow cybercriminals to digitally extract them. If hackers are successful in extracting a fingerprint, they could potentially use it to breach sensitive accounts that use fingerprints for access. Unlike passwords, biometric data can’t be changed.
“This sounds like the stuff out of spy novels or ‘Mission Impossible,'” said Vyas Sekar, an electrical and computer engineering professor at Carnegie Mellon University. “In theory, it’s possible, especially if people are posting high resolution images.”
There have been some cases. In 2014, a hacker reportedly claimed to have cloned a fingerprint of European Commission President Ursula von der Leyen, then Germany’s defense minister, using close-up photos taken at a press event. That same year, a team of security researchers at the cryptocurrency exchange, Kraken, were able to construct a fingerprint from a photo of one marked on a surface with the assistance of photoshop, a printer and glue.
But, even if a hacker were to obtain your fingerprint, to do anything with it, they would need access to the physical scanner your fingerprint unlocks — like on a laptop or a thumbprint pad at a bank.
A hacker also would need to be “fairly determined” and likely choose a “high-value target” that renders a fingerprint valuable, such as someone with access to a high-security facility, Sekar said.
For most people, there’s a higher likelihood of being targeted through a phishing scam like an email containing links to malware or fraudulent websites to extract personal information, Cappos said.
“I don’t think cyber criminals have started to try to weaponize it at any scale,” he said of extracting fingerprints. “Ten years from now, who knows if the landscape has shifted and cyber criminals are using this as an attack vector or something. But definitely, where we are today, this is not going to happen.”