Researchers at the University at Buffalo NY have discovered that it is possible to identify individual smartphones from just a single photo taken by the device. The technique is compared directly to ‘barrel matching’ or identifying a gun which has fired a particular bullet. In the case of smartphones, each one takes photos with a telltale “pattern of microscopic imaging flaws that are present in every picture they take”. Specifically, the manufacturing imperfections creating tiny variations in each camera’s sensor is referred to as its photo-response non-uniformity (PRNU).
Explaining why there are differences in recorded photos from these mass produced products, the UB Blog says that while camera modules and lenses are built for identical performance, manufacturing imperfections cause tiny variations and “these variations can cause some of sensors’ millions of pixels to project colours that are slightly brighter or darker than they should be.”
The differences between the different smartphone outputs, especially shots of the same scene by the same device model are not easily to see by the naked eye, if at all. However, the lack of uniformity in mass production “forms a systemic distortion in the photo called pattern noise”. Extracted by special filters, the pattern is unique for each camera and can be saved as its PRNU.
In tests scientists accurately identified which of 30 different iPhone 6s smartphones and 10 different Galaxy Note 5s smartphones took each of 16,000 images in a database correctly 99.5 per cent of the time.
Beyond the obvious implications that come from the comparison between smartphone camera output and gun barrels / bullets, there are other uses for this tech. The UB team suggests that you could register your PRNU with a bank or retailer, for example, and it adds an extra layer of security to ID verification. Potentially the tech could be used to defeat three of the most common tactics used by cybercriminals, think the researchers; fingerprint forgery attacks, man-in-the-middle attacks, and replay attacks.
Interestingly, as more smartphones get dual-camera systems the researchers reckon that forgery attacks will be even more difficult.
We will find out more about the new technology utilising smartphone camera ‘fingerprints’ in February, at a presentation at the 2018 Network and Distributed Systems Security Conference in California. However, in the meantime, you can read through the paper ABC: Enabling Smartphone Authentication with Built-in Camera (3.3 MB PDF).