Does flashing a peace sign in your selfies allow someone to steal your fingerprint from the photo? The answer is yes — and it has sparked controversy more than once — but you probably have nothing to worry about.
---
In 2014, the fingerprint of Ursula von der Leyen, Germany's Defense Minister at the time, was stolen.
A hacker named Jan Krissler demonstrated that her fingerprint could be extracted from a simple close-up photo taken at a press conference.
In 2019, the issue ignited a storm in China, when cybersecurity experts warned that a selfie exposing your fingertip — even from a distance of 1.5 meters or more — could put your fingerprint at risk.
But a closer look at the technical details suggests there may not be a genuine identity-theft risk here, at least not an easy one.
---
Biometric systems don't photograph a fingerprint image — they identify specific features within its pattern, such as ridge endings and bifurcations.
Extracting a fingerprint from an ordinary photo is done by enhancing the contrast between the darker and lighter areas of the image, which reveals those reference points in the fingerprint.
Electronic fingerprint scanners fall into three categories.
The first is an optical scanner that photographs the fingerprint. It is relatively easy to fool with a photo of a fingerprint, which is why it must be secured with additional anti-spoofing measures.
The second method uses a scanner containing an array of capacitors. Skin touching these capacitors changes their electrical capacitance; the valleys of the fingerprint make no contact, allowing them to be detected.
Fooling such a scanner requires printing the fingerprint as a physical replica that conducts electricity similarly to human skin — a complex and costly undertaking.
Flagship devices with an under-display fingerprint scanner use an ultrasonic scanner that sends sound waves into the finger and maps the returning waves. It is extremely difficult to spoof a human fingerprint convincingly enough to pass the precision of such a scanner.
---
Two additional factors protect against fingerprint spoofing.
One is the growing use of two-factor authentication and other biometric identifiers — such as facial recognition, iris scanning, or retinal scanning. These technologies cannot be bypassed by cloning a fingerprint alone.
The second is the increasing adoption of liveness-detection technologies, such as pulse, body heat, or subcutaneous blood flow. These technologies allow a fingerprint to pass only if it has been verified as belonging to the physical finger of a living person.
Beyond all of this, photos uploaded to social media are typically compressed in ways that significantly reduce their quality, making reliable fingerprint extraction far more difficult.
For all these reasons, even if you keep flashing a peace sign in your selfies, your bank account will most likely remain safe.
---
👋 Hi, I'm Shlomo Strauss — follow me for more fascinating content on science and technology.