Carlos Solis
AI tools can lift fingerprint details from a single photo, and attackers can use those details to bypass biometric locks. Because fingerprint verification is increasingly used by secure services, that capability could theoretically let someone get into your email, banking apps, and other personal accounts.
A Hacker’s Find
Chinese security expert Li Chang demonstrated on a TV show how a celebrity selfie with a “V” sign let her extract fingerprints. In the video she highlighted the ridge patterns on the index and middle fingers and showed that enhancing the image with photo editors and AI makes those details visible.
Li Chang says that from clear, well-lit frontal shots you can extract biometric details from photos taken up to 1.5 meters away. If a photo was shot from about three meters, attackers can still recover as much as half of the key fingerprint details.
How reliable the extraction proves depends on conditions: poor light, subject motion, or an awkward angle make data recovery much harder. The risk grows when multiple photos of the same hand appear online from different angles, because attackers can piece together a more complete fingerprint.
Li Chang recommends blurring, pixelating, or smoothing images of hands before you post them to make biometric harvesting more difficult.
Real-World Hacks
These techniques are not hypothetical. In 2014 Jan Krissler from the German hacking group Chaos Computer Club demonstrated that you could recreate Ursula von der Leyen’s fingerprint from photos taken at a press conference; von der Leyen now leads the European Commission.
The South China Morning Post reported that in July last year in Hangzhou criminals lifted a man’s fingerprints from a photo he posted and tried to unlock the smart lock on his home — authorities stopped the attempt.
Experts say they do not expect a mass surge of these attacks because creating a reliable copy requires very high-quality images. Jake Moore, a global cybersecurity adviser at ESET, explained: “The public doesn’t need to panic. This is mostly about targeted attacks when someone is trying to reach high-value resources protected by biometric locks. To produce a convincing copy you need ultra-high resolution and fingers aimed straight at the camera under perfect lighting.”
New Risks: AI Palm Reading
Experts also warn about a viral trend where people upload photos of their hands to chatbots for “digital palm readings.” On platforms like TikTok users post their results, but uploading sends the full image data to the AI, often in high quality.
Moore warns that sending these images to big tech companies such as adds risk because biometric data could be stored, used, or shared in the future.
Quick Safety Tips
- Avoid showing fingers in close-up, especially the “V” sign or other gestures that expose palm lines.
- Blur or pixelate hands before posting photos.
- Don’t upload high-quality photos of your hands to public chatbots or apps unless you trust the service’s data-retention policy.
- Check your account privacy settings and limit who can view albums that contain those images.
Based on reporting from Daily Mail
