Can hackers pull your fingerprints from photos on social media? Experts explain.

June 1, 2026 / 8:46 AM EDT / CBS News

One of the latest culprits of online panic has arrived in the form of a peace sign selfie.

Social media posts claiming that hackers can extract fingerprints from photo subjects flashing peace signs online and enhance them using artificial intelligence have garnered thousands of likes and sparked anxiety for some.

“Just end AI already!” wrote one Instagram user, whose comment received more than 16,000 likes. “It’s clearly a threat to humanity and not here to help regular people.”

Another Instagram user lamented that they will have to change how they take their selfies.

Experts say that’s probably not necessary. While it is possible for fingerprints to be pulled from a photo, the risk is low for the average person.

“You have a better chance of being hit by a car tomorrow than this happening to you in your lifetime,” said Justin Cappos, a New York University professor and cybersecurity expert whose research has been adopted by companies like Google and Palantir.

Many of the social media posts appear to have stemmed from an April segment on a Chinese television show featuring an expert who showed how taking a peace sign selfie with your fingerprints visible within a few feet of the camera could allow cybercriminals to digitally extract them. If hackers are successful in extracting a fingerprint, they could potentially use it to breach sensitive accounts that use fingerprints for access. Unlike passwords, biometric data can’t be changed.

“This sounds like the stuff out of spy novels or ‘Mission Impossible,’” said Vyas Sekar, an electrical and computer engineering professor at Carnegie Mellon University. “In theory, it’s possible, especially if people are posting high resolution images.”

There have been some cases. In 2014, a hacker reportedly claimed to have cloned a fingerprint of European Commission President Ursula von der Leyen, then Germany’s defense minister, using close-up photos taken at a press event. That same year, a team of security researchers at the cryptocurrency exchange Kraken was able to construct a fingerprint from a photo of one marked on a surface with the assistance of Photoshop, a printer and glue.

But, even if a hacker were to obtain your fingerprint, to do anything with it, they would need access to the physical scanner your fingerprint unlocks — like on a laptop or a thumbprint pad at a bank.

A hacker also would need to be “fairly determined” and likely choose a “high-value target” that renders a fingerprint valuable, such as someone with access to a high-security facility, Sekar said.

For most people, there’s a higher likelihood of being targeted through a phishing scam like an email containing links to malware or fraudulent websites to extract personal information, Cappos said.

“I don’t think cyber criminals have started to try to weaponize it at any scale,” he said of extracting fingerprints. “Ten years from now, who knows if the landscape has shifted and cyber criminals are using this as an attack vector or something. But definitely, where we are today, this is not going to happen.”
