Researchers at the University of Buffalo have discovered a way to identify smartphones – by the photos they take. It uses a flaw in digital images, similar to how police ballistics reports work.
This flaw, called photo-response non-uniformity (PRNU) occurs because the manufacturing process is imprecise. This creates minuscule variations between one camera’s sensors and another, that cause unique brighter or darker patterns in the images they click. Though these are invisible to the naked eye, a computer can spot these patterns.
Each of these patterns is unique for every camera. To study and match a digital camera to these images requires first analyzing 50 images taken by the camera. But in the case of smartphones, because their sensors are so much smaller, one picture is enough.
“Like snowflakes, no two smartphones are the same,” Kui Ren, the study’s lead author, said in a statement. “Each device, regardless of the manufacturer or make, can be identified through a pattern of microscopic imaging flaws that are present in every picture they take. It’s kind of like matching bullets to a gun, only we’re matching photos to a smartphone camera.”
The research has tested this theory using 16,000 images from 30 different iPhone 6s smartphones and 10 Samsung Galaxy Note 5 devices.The results show this analysis method had a whopping 99.5 percent accuracy.
The researchers believe this could be used as a form of ID verification in the future since the PRNU for each smartphone is like its fingerprint. For instance, if your favourite store has an app, you could upload a photo to register your PRNU to your name. That way, the next time you make a purchase, you can pay for it online and verify it with a simple photo. Of course, there’s the worry that the system compromised if someone just steals your smartphone or a hacker changes your PRNU saved in the app. In this case, it would probably be safer to use as two-factor authentication instead of your only password. However, the team believes the system can be modified to strengthen the process in future, perhaps by using QR codes in addition to the PRNU.