PRNU: How to Identify Your Smartphone from a Single Photo

Let’s talk about forensics, cameras, and how point & shoot cameras may actually protect your privacy a bit better than smartphone camera apps. Does that sound weird? It is – and we’re just getting started.

First, the forensics: it’s a process called PRNU, or photo-response non-uniformity. When you look at a photo, even a digital photo that’s never seen a print-out, there are tiny flaws all over it. Those flaws are created by many factors, which also include the gamma in a digital camera, but a number of them involve the software and hardware of the camera used to take the pictures.

You can probably see where this is going. Like identifying a fingerprint or a fired bullet, forensic specialists can use a photograph to identify the exact device it was taken on. They carefully examine all the pixels that are slightly different (usually lighter or darker than expected) and compare those pixels to new photos taken by devices to find a match. The differences are so small that humans can see them by looking, so specialized software does the job instead.

This can quickly identify what device took incriminating photos, for example – but here’s where it gets interesting. According to research done on both iPhones and Samsung Galaxy Note devices, which are frequently used with vlogging to make money, it’s far, far easier to identify smartphones with this process. For a regular camera like the Sony A6600, it takes about 50 photos per camera to analyze before an authentic match can be made. For smartphones, however, you only need one photo and it can be successfully matched with the phone that took it. Results, in either case, are around 99.5% accurate. Regardless of how the photo was taken, even with a Snappgrip Wireless Bluetooth remote shutter, the picture is still marked by the device’s unique print.

This PRNU approach has potential for future ID protection too, so it’s not all about catching bad guys or going on a hunt for the right device. This could make it much more difficult to steal digital identities and use funds to buy stuff…if you have the wrong smartphone. Here’s hoping the tech will get there quickly!