By Jean-Jacques DeLisle, contributing writer
Little-known fact: Every camera has a digital fingerprint, and researchers out of Buffalo, New York, have figured out a way to use this to identify individual smartphones with only one picture taken as a basis. The technology to ID cameras in general based on their pictures has existed for quite some time as a staple of digital forensics, but until recently, it was more difficult to understand. Previous forms of this tech required an average of 50 pictures to be taken by a single device before it could be identified. The new method — which is to be presented in February by its inventors from the University of Buffalo at the 2018 Network and Distributed Systems Security Conference in California — could be used as a new official authentication process to protect your identity or assets from cybercriminals.
The new method could be used as a new official authentication process to protect your identity or assets from cybercriminals. Image source: Pixabay.
According to Kui Ren, the study’s lead author, the identification process works because, “like snowflakes, no two smartphones are the same. Each device, regardless of the manufacturer or make, can be identified through a pattern of microscopic imaging flaws that are present in every picture they take.” He said it’s like matching bullets to a gun, only we’re matching photos to a smartphone camera. Tiny imperfections caused in the manufacturing process leave imprints on many of the camera sensor’s millions of pixels, making certain pixels appear to be brighter or darker in every image. Using special filters, a computer can identify this special fingerprint and use it to reveal the identity of any phone based solely on one image previously taken and scanned. Tests using this method were 99.5% accurate and involved the use of over 16,000 images taken by 30 different iPhone 6s smartphones and 10 different Galaxy Note 5 smartphones.
The goal is to use this as a form of identity protection at ATMs or store registers by linking your device to a bank or retailer, presumably via an app. Once your camera’s unique signature is saved as a reference, you can take a photo of a special QR code, which can then be used to identify your particular device. This is all to make sure that it is, in fact, you and the correct device at the terminal and not an impostor with your stolen credit card. Though this may seem like a slightly tedious process, for anyone who has had their identity stolen, it could be well worth the effort.
Though using this technology for identity protection is the intent of its creators, it seems like other applications for identifying phones could eventually surface, such as those with the ability to identify which device took a picture in cases involving human trafficking or other horrendous crimes. That could be a huge boon for law enforcement. Alternatively, criminals might use this technology for themselves to gain sensitive information about your device just from a picture that you might casually post on social media, for example. For our brave new world engulfed in the tech war, few can guess the implications that this advancement will force us to face.
Advertisement
Learn more about Electronic Products Magazine
