New Google Glass surveillance trick really shows why we need alternatives to passwords

Google Glass Spying SoftwareImage Source: Wired

Researchers at the University of Massachusetts Lowell have discovered a way to steal iPad passwords with help of camera-equipped devices, Wired reports, including Google Glass, the iPhone 5s, a Samsung smartwatch and a Logitech webcam. To make this work, though, you’ll also need to install software onto your device that takes into account the tablet’s geometric position and is able to track the shadows of finger taps on the screen.

While any camera-enabled device would work with the custom software, Google Glass seems to work the best for performing sneak attacks.

“Any camera works, but you can’t hold your iPhone over someone to do this,” UMass Lowell computer science professor Xinwen Fu said. “Because Glass is on your head, it’s perfect for this kind of sneaky attack.”

With Glass, the researchers were able to pick up four-digit iPad PINs from three meters away with 83% accuracy, with the number going past 90% after manual correction of errors. A Logitech webcam managed to pick up the code 92% of the time, while the iPhone 5s got it every time thanks to its better camera. The Samsung smartwatch offered similar accuracy as Google Glass.

Furthermore, Fu estimates that the technology could recognize eight-character passwords on an iPad QWERTY keyboard 78% of the time using Google Glass.

“Unfortunately, stealing passwords by watching people as they type them…is nothing new,” Google said in a statement “We designed Glass with privacy in mind. The fact that Glass is worn above the eyes and the screen lights up whenever it’s activated clearly signals it’s in use and makes it a fairly lousy surveillance device.”

Fu said that it’s not Google Glass that’s detrimental to this technology, but the passcodes themselves, as the researchers managed to capture a PIN typed on a glare-obscured screen from 44 meters away using a Panasonic camcorder. The researchers have created an Android keyboard app, dubbed the Privacy Enhancing Keyboard, which would randomize the layout of a tablet’s lockscreen keyboard, making such password-stealing tricks nearly impossible, as the keyboard layout would constantly change.

Source:
Wired
blog comments powered by Disqus