NEWS

It's Unlikely Your Fingerprints Will Get Stolen From Peace Sign Photos, But Take Caution Elsewhere

Because, unfortunately, cyber attackers can steal your online identity pretty easily.

18/01/2017 4:09 PM AEDT | Updated 18/01/2017 8:39 PM AEDT
martin-dm via Getty Images
"All an attacker really needs to do is send an email that says 'click here to win an Iphone 7' and they're going to get a captive audience that are going to give away set information."

Japanese researchers have recently been able to copy fingerprints from someone flashing the peace sign in a photo, raising concern about hackers being able to steal people's identities.

The rise of fingerprint authentication on smartphones could potentially provide cyber attackers with further material for identity theft. However, Crowdstrike's VP of technology strategy, Mike Sentonas, said there is no reason to worry.

"Attackers don't have to work that hard to unfortunately compromise a lot of people's machines. There's much easier things for an attacker to do," Sentonas told The Huffington Post Australia.

"You would require light to be at the absolute optimum condition regardless of the equipment they use so you could even get the ridges of the finger print.

"It would just be technically so hard to do that the likelihood of us seeing it, is probably more a case of an up and coming x-files remake verses reality of seeing it happen in the field."

All an attacker really needs to do is send an email that says click here to win an Iphone 7 and they're going to get a captive audience that are going to give away set informationMike Sentonas

When it comes to identity theft, old school tricks still prevail, so Aussies should be more concerned about covering the basics before worrying about using the peace sign in their next Instagram post.

"That stuff still works, and that's what we need to educate people about," Sentonas said.

"All an attacker really needs to do is send an email that says 'click here to win an Iphone 7' and they're going to get a captive audience that are going to give away set information."

The online security expert, who has worked in the field for more than 18 years, said even politicians and diplomats get caught by old methods of identity theft.

"If you look into the discussions that are happening around the world about Russian intelligence and the attacks on the U.S. government, the work that we did and the work that has been released by the intelligence community, is that a lot of these attacks happened through spear fishing attacks where people who you would think would be more savvy are still falling for this," Sentonas said.

So here are the basic prevention methods can you implement right now.

Open emails with caution:

When an offer seems too good to be true, it probably is. So proceed with caution. And check the source of the email.

"If someone gets a too good to be true offer, there will be a portion of people who will share information about who they are or their home address and salary information," Sentonas said.

Sentonas said people can also be tricked into revealing personal information through the 'virus detection' phone call or email. People do call homes and claim they've detected a virus on machines, instructing the person to reveal their personal information. So always check with your provider if you receive such a call.

Check basic privacy settings on social media:

If you don't have your Facebook profile (or other social media accounts) on private, you run the extra risk of revealing more than you intend to strangers, and cyber attackers.

This can be as simple as showing a photo of yourself on holidays, "so the world can see that you're away from home".

If you've posted a photo of you and your family outside your house, they might have access to your address, too.

Turn off location services at the right time and place:

Most social media accounts have 'location services', which link your photos or posts to your current location. If these are turned on, they can reveal your address or the fact you're away from your home.

We have to get away from a world where people use 30 passwords for 30 different systems.Mike Sentonas

Despite all this, you might be wondering whether the world would be a better, safer place if we just ditched fingerprint authentication. But there's a reason it's now here.

"We have to get away from a world where people use 30 passwords for 30 different systems but in reality, people use a different password that they write on a post it note or they use the dogs name. That unfortunately means people get compromised," Sentonas said.

"Using a finger print along with a password, to me, is generationally better than using a post it note and a password. So whilst we can say it adds a little bit of complexity, we have to use some of these alternative authentication techniques otherwise we're going to end up being compromised."

More On This Topic