Every time Apple, Samsung, or Google announces a new camera on their respective phones, everyone nods. A better phone would be great! Everyone likes crisp, high-quality photos that are easy to take in all light conditions.
This happens for a lot of tech for much more than just phone cameras. As personal devices, networks and speeds have improved, everyone is armed with James Bond-worthy technology like satellite access, incredible zooms, and more.
But these innovations have come with uncomfortable flipsides – most notably, security risks. This month a man was arrested in Tokyo for stalking and hurting female pop idol, using common technology to find her.
According to the AP, Japanese media said the man had found her location using details in selfies she took, specifically the reflection in her pupils that showed in her photos shared on social media.
Most people are likely aware that if you’re wearing sunglasses in a photo, they may show reflections with significant detail – you might be able to see, for instance, that your friend was standing across from a Taco Bell when he took that selfie. But this story highlights the fact that some camera phones have gotten so good that photos with eyes can be mined for details in their reflections.
Phone camera detail has gotten incredibly good. The iPhone 4S had an 8-megapixel rear camera and 0.3 MP front camera. The current iPhone 11 Pro’s front and rear cameras are both 12 MP – much higher quality per megapixel. A few years ago, Instagrams were just 612 pixels across. Then they were 640. Now they are 1080 pixels. Twitter images aren’t necessarily huge, but videos can handle 60 frames per second and 720 pixels. All this means photos these days are larger, have higher resolution and way, way more detail. (This viral image shows how much detail could be possible, though it wasn’t from a satellite, as reported.)
Add the visual details in photos and videos to the vast publicly available databases like Google Street View and Google Earth, and everyone essentially has access to spy-like technology. This is how the stalker was able to find his target, according to the reports.
To someone with time and creativity, identifying a location even from a two-second video is possible these days. On Twitter, there’s an account dedicated to figuring out where a photo was taken. At first glance, the photos and videos offer few clues. To some it’s a fun sleuthing exercise. But it’s also a reminder that a lot more detail than you might think is hidden in the pixels — even without things like meta-data that might offer actual GPS coordinates, dates, times, and other information. (Here’s an interesting Medium post that shows how you might figure it out.)
New security issues keep popping up
Unforeseen security issues are increasingly popping up. Take the advent of the fingerprint sensor that replaced the phone passcode for most people to unlock their phones. While someone may not be able to get a password from someone under duress, they probably can get a finger on a finger-print reader that unlocks a phone. According to a Forbes report in 2018, police have used dead-people’s fingers to unlock phones.
On a similar note, when Google released its new facial recognition software, it worked when a person’s eyes were closed, which means that someone could unlock a sleeping person’s phone without touching them. (Google is patching this problem.)
— Chris Fox (@thisisFoxx) October 15, 2019
Adding social media to the mix – and its repository of personal data – is another aspect that rarely gets a second thought from users. But hashtagging and geotagging uploads on Instagram, for example, can expose people’s locations and identities. A Buzzfeed investigation showed that using publicly available surveillance — public webcams exist all around the world; they are used in Times Square in New York — reporters were able to find the real names and identities of numerous people.
Security issues usually get patched eventually by companies when they can, but it’s often a long time after they’ve been operational. For example, Facebook recently changed its powerful Graph Search that allowed users to find people easily using plain language (“people who went to X school and work at Y company,” for example). In many cases, users probably didn’t know that the information made themselves publicly identifiable and visible.
It’s impossible to opt out of technology completely, as people around you will use it, but it’s worth remembering what is possible and to think creatively about not just the upside of technology.
For now, the phone camera quality issue is only going to get more intense. Though it’s not currently clear whether this fear is justified, Japanese media have said that people shouldn’t make the “V-sign” (a peace sign) with their hands, as it puts them at risk for having their fingerprints stolen.
In 2017, Snopes rated this claim “unproven,” as the articles that referenced these concerns didn’t mention any hackers actually taking these actions. But one thing is for sure: if a bad actor can figure out where someone is via their retinal reflections, that’s not out of the realm of possibility.
Correction: A previous version of this story said the name of the Japanese pop star was Hibiki Sato. That is the stalker’s name.