SoylentNews is people

posted by LaminatorX on Wednesday June 25 2014, @03:24AM
from the Peak-Peeking dept.

The odds are you can't make out the PIN of that guy with the sun glaring obliquely off his iPad's screen across the coffee shop. But if he's wearing Google Glass or a smartwatch, he probably can see yours.

Researchers at the University of Massachusetts Lowell found they could use video from wearables like Google Glass and the Samsung smartwatch to surreptitiously pick up four-digit PIN codes typed onto an iPad from almost 10 feet away -- and from nearly 150 feet with a high-def camcorder. Their software, which used a custom-coded video recognition algorithm that tracks the shadows from finger taps, could spot the codes even when the video didn't capture any images on the target devices' displays.

This discussion has been archived. No new comments can be posted.
  • (Score: 4, Interesting) by LoRdTAW on Wednesday June 25 2014, @03:56AM

    by LoRdTAW (3755) on Wednesday June 25 2014, @03:56AM (#59675) Journal

    A simple fix for that problem would be to randomly rearrange the number pad.

    So instead of something like:
    1 2 3
    4 5 6
    7 8 9
        0

    You would instead get something like this:
    3 7 1
    4 8 0
    9 2 5
        6

    Yeah, it's a bit more confusing, but you would need a direct line of sight to the display to see the actual number placement to read the pass code.

    • (Score: 0) by Anonymous Coward on Wednesday June 25 2014, @04:19AM

      by Anonymous Coward on Wednesday June 25 2014, @04:19AM (#59679)

      It wouldn't matter if you did, it is already trivial for criminals to place a small camera so that the keypad is totally visible. It would be like preventing theft by putting items on a higher shelf, it will do nothing to prevent determined thieves and will inconvenience ordinary consumers.

    • (Score: 2) by Foobar Bazbot on Wednesday June 25 2014, @04:40AM

      by Foobar Bazbot (37) on Wednesday June 25 2014, @04:40AM (#59683) Journal

      Indeed, according to TFA, they've implemented just such a fix:

      To demonstrate a fix for that PIN privacy issue, the researchers have built an Android add-on that randomizes the layout of a phone or tablet's lockscreen keyboard. They plan to release the software, dubbed Privacy Enhancing Keyboard or PEK, as an app in Google's Play store and as an Android operating system update at the time of their Black Hat talk. "You can't prevent people from taking videos," says Fu. "But for the research community, we need to think about how we design our authentication in a better way."

      I'm not entirely sure what "as an Android operating system update" is supposed to mean in this context -- as there are plenty of apps that replace the stock lockscreen, it seems an ordinary app would suffice, so the most obvious interpretation is that Google will include it in Android and/or AOSP. But that sounds a little odd (Google has the fix, has committed to including it, but is waiting till their Black Hat talk to do so?), so I'm not sure.

    • (Score: 2) by kaszz on Wednesday June 25 2014, @04:46AM

      by kaszz (4211) on Wednesday June 25 2014, @04:46AM (#59684) Journal

      An even more "evil" version is to re-randomize the position of the numbers for every pin-number that has been typed..
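
Added example (not part of the original thread and not the researchers' PEK code): a Python simulation of the randomized keypad proposed above and of the per-keypress variant, counting how many PINs stay consistent with what a camera that sees only tap positions records. The slot numbering, function names and the sample PIN are assumptions made for illustration.

```python
import secrets

# slot index -> digit; slots 0-8 are the 3x3 grid, slot 9 is the bottom key
FIXED = list("1234567890")

def random_layout():
    """Shuffle the ten digits across the ten slots (Fisher-Yates with a CSPRNG)."""
    layout = FIXED[:]
    for i in range(len(layout) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        layout[i], layout[j] = layout[j], layout[i]
    return layout

def render(layout):
    """Draw a layout the way the comment above does."""
    rows = [" ".join(layout[r:r + 3]) for r in (0, 3, 6)]
    return "\n".join(rows + ["    " + layout[9]])

def tapped_slots(pin, mode):
    """Slots touched while entering `pin`: all an observer who cannot read the screen sees."""
    layout = FIXED if mode == "fixed" else random_layout()
    taps = []
    for digit in pin:
        taps.append(layout.index(digit))
        if mode == "per_key":           # re-randomize after every digit
            layout = random_layout()
    return taps

def consistent_pins(taps, mode):
    """How many PINs fit the observed slots when the observer does not know the layout."""
    if mode == "fixed":
        return 1                        # slot -> digit is public knowledge
    if mode == "per_key":
        return 10 ** len(taps)          # every tap is independent of the others
    # per_entry: one hidden permutation, so equal slots mean equal digits
    count = 1
    for k in range(len(set(taps))):
        count *= 10 - k
    return count

if __name__ == "__main__":
    pin = "1233"                        # constructed sample PIN
    print(render(random_layout()))
    for mode in ("fixed", "per_entry", "per_key"):
        taps = tapped_slots(pin, mode)
        print(mode, taps, consistent_pins(taps, mode))
```

A layout shuffled once per entry still shows the observer which digits repeat, so the candidate set shrinks below the full PIN space; re-shuffling after every keypress removes that leak.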

    • (Score: 2, Interesting) by anubi on Wednesday June 25 2014, @04:52AM

      by anubi (2828) on Wednesday June 25 2014, @04:52AM (#59686) Journal

      I did something similar for a store that wanted a "permission granter" that would power up a lumber saw... little ATMEL thing.

      Problem is keys got swiped or lost, and keypads were too easily observed.

      I ended up with a little quadrature encoder ( it was actually a stepper motor acting as a generator, chosen because it was so rugged and would magnetically cog ) wired to a little ATMEL chip. When the knob was messed with, the ATMEL would wake up and look at the knob speed to arrive at a starting number, which appeared to be completely random... it would then increment CW, decrement CCW. To engage the saw, you "opened" the lock as you would a combination lock... that is right to some number, left to another number, right to another number, zero. If you did it right, it would pull in the relay to the saw for ten minutes or until the knob was messed with again. If the saw itself was powered down and up, that would also reset the timer. It did not turn the saw directly on, but enabled it to where its start button would work. You could tell it was ready as the saw control buttons were illuminated when power was available.

      The LED display was arranged behind a chute-like tunnel so the display could only be seen head-on by the operator. If a bad code was entered, the device would just flash at you, and if you entered three bad in a row, it would make a lot of noise. It took a zero entry to make it count it as a try, hence, if someone's child decided to screw around with the knob, it would just harmlessly rotate until the kid got tired of playing with it. It was smart enough that if you overshot or undershot and backed up to fix your mis-entry, it would understand. Two digit display, 00 to 99. Typical code would be something like 17,76,25,0, and the last zero would stay there until either it timed out or the knob was messed with.

      You could not have two numbers too close together because that would have interfered with the grace logic which allowed you to redo a botched attempt, as the program was counting direction reversals as its cue to enter the key number at the apex of the knob travel.

      You could watch the operator spinning the knob left and right, but it was really hard to tell exactly what number he was landing on, as the way I had coded it, if he missed it the first go-around, it was easier just to keep turning the knob in the same direction until the number showed again, so watching a guy open this thing was tricky at best to duplicate, but given one could see the display and knew the code, it was very intuitive.

      Like you say, if it's something external that cues the operator - and he makes his action as a function of that cue, it makes it a lot harder to deduce the access code by simply watching him.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 1) by unauthorized on Wednesday June 25 2014, @05:08AM

      by unauthorized (3776) on Wednesday June 25 2014, @05:08AM (#59688)

      An even better fix is to use multifactor authentication. A wireless "keychain" device stored on your person will foil any kind of "over the shoulder" attack, and the only added inconvenience would be the initial device pairing process.

      • (Score: 2) by kaszz on Wednesday June 25 2014, @05:12AM

        by kaszz (4211) on Wednesday June 25 2014, @05:12AM (#59690) Journal

        And the radio giveaway.. "I'M HERE!" ..

        • (Score: 0) by Anonymous Coward on Wednesday June 25 2014, @05:49AM

          by Anonymous Coward on Wednesday June 25 2014, @05:49AM (#59700)

          Unless the device is not radio but optical or mechanical or whatever.

        • (Score: 1) by unauthorized on Wednesday June 25 2014, @04:32PM

          by unauthorized (3776) on Wednesday June 25 2014, @04:32PM (#59949)

          So what? If someone is willing to forcefully take it off my hands, then they are probably also willing to implement the $5 wrench [xkcd.com] attack.

          • (Score: 2) by kaszz on Wednesday June 25 2014, @04:42PM

            by kaszz (4211) on Wednesday June 25 2014, @04:42PM (#59953) Journal

            Force is hard if you can't find the person to apply onto..

            • (Score: 1) by unauthorized on Wednesday June 25 2014, @06:31PM

              by unauthorized (3776) on Wednesday June 25 2014, @06:31PM (#60007)

              You are missing the point. This technique is meant to deter skript kiddies with cameras and too much free time on their hands. If you are worried about people who use wrenches, then you presumably will be vigilant enough not to input your password in plain sight.

    • (Score: 2) by edIII on Wednesday June 25 2014, @05:18AM

      by edIII (791) on Wednesday June 25 2014, @05:18AM (#59691)

      Another good fix is layered security. Apple and Android just need to add something like a FIPS compliant fingerprint reader.

      The combination of biometrics and a randomized keypad is going to be pretty hard to beat.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 2) by Open4D on Wednesday June 25 2014, @03:59PM

      by Open4D (371) on Wednesday June 25 2014, @03:59PM (#59928) Journal

      That seems a sensible countermeasure.

       
      There are other slightly less simple fixes. My preferred solution would be a built-in fingerprint scanner - because I think it would have a good combination of convenience and security. But my Galaxy Nexus doesn't have one, and it's not worth upgrading just for that.

      So I'd settle for a screen-tap unlock mechanism that can be done without me looking at the screen.

      One approach I think could work on a multi-touch screen would be chords, like on a piano. So the first 'character' of my 'password' could be [thumb, forefinger, little finger]. The second 'character' could be [forefinger, ring finger]. Etc..

      So for security I could aim the screen at the floor so that no-one can see the 'password' being entered. Or for convenience I can unlock the phone without looking at it - e.g. while walking along the street, or while maintaining a conversation with someone.

      (Note, this is not the same as http://gkos.com/ [gkos.com] which uses chords for speed, and it seems you do need to look at the screen.)

  • (Score: 3, Informative) by Foobar Bazbot on Wednesday June 25 2014, @04:50AM

    by Foobar Bazbot (37) on Wednesday June 25 2014, @04:50AM (#59685) Journal

    But if he's wearing Google Glass or a smartwatch, he probably can see yours.

    Or a pen-cam [amazon.com], or a hat-cam [amazon.com], or a glasses-cam [amazon.com] (which have been available for years without the added display that makes for Glass), or a watch-cam [amazon.com] (again, predating smartwatches, at least in the current definition, by years), etc. Or even the old face-to-the-left,-hold-cameraphone-to-right-ear dodge. (Periodically take it down to push a button; interaction with a tone-driven computer menu is much easier to fake convincingly than a voice conversation.) Anyway, an honest headline would be more like "Wearable Camera Snoopers Can Steal Your Passcode With A Glance".

    This isn't to denigrate the research at all -- it might seem a little obvious to some of us that that's feasible, but it's good to have someone implement it and give us some numbers, and kudos to them for also developing a mitigation (see my other comment [soylentnews.org]). My point is that the headline mentioning only Google Glass is bad reporting -- at best, it's a shameless clickbait using a "hot" term instead of the most accurate, and at worst an attempt to manipulate opinion about Glass by implying the problem is unique to Glass. Of course, it's Wired, so it's not like anyone expected better of them, but it could stand to be rewritten for SN.

    • (Score: 2) by Tork on Wednesday June 25 2014, @05:42AM

      by Tork (3914) Subscriber Badge on Wednesday June 25 2014, @05:42AM (#59699)
      "Or a pen-cam, or a hat-cam, or a glasses-cam (which have been available for years without the added display that makes for Glass)..."

      Ah, so you're saying that in a line of 20 people behind you at the ATM, at least 18 of them have a pen cam, hat cam, glasses cam, or watch cam aimed at you?
      --
      🏳️‍🌈 Proud Ally 🏳️‍🌈
      • (Score: 2) by choose another one on Wednesday June 25 2014, @08:58AM

        by choose another one (515) Subscriber Badge on Wednesday June 25 2014, @08:58AM (#59745)

        Ah, so you're saying that in a line of 20 people behind you at the ATM, at least 18 of them have a pen cam, hat cam, glasses cam, or watch cam aimed at you?

        Where do you go where 18 of them have Google Glass ? Point is you can see someone using Glass, but not necessarily the other options.

        Also, the researchers got good accuracy 150ft away using an HD camcorder, and remember they were looking at non-fixed targets (tablets, phones). With tripod and decent optics, I bet you could target a fixed keyboard like an ATM from a _lot_ further away.

        How many windows overlook your ATM ? Within 150ft ? Within 500ft ? Why focus on the low-res low-quality close-in-only Google Glass result ?

        • (Score: 2) by jimshatt on Wednesday June 25 2014, @09:27AM

          by jimshatt (978) on Wednesday June 25 2014, @09:27AM (#59756) Journal
          The problem with fixed cams on targets like ATMs is that the situation will probably be investigated after a few police reports, possibly resulting in getting caught. Mobile cams have a much greater operational range.

          A problem I see with the random digit keypads (as proposed earlier) is that it will take you a longer time typing in the number, and maybe exposing more clearly what you type in because you have to look at the keypad. Now I just wave my hand over the keypad, using the other hand as a shield. I still like the idea though.
        • (Score: 2) by Tork on Wednesday June 25 2014, @05:39PM

          by Tork (3914) Subscriber Badge on Wednesday June 25 2014, @05:39PM (#59979)
          "Where do you go where 18 of them have Google Glass ?"

          What do you think will happen if they take off?

          "Point is you can see someone using Glass, but not necessarily the other options."

          What you can't see is if they're recording.
          --
          🏳️‍🌈 Proud Ally 🏳️‍🌈
      • (Score: 2) by Foobar Bazbot on Wednesday June 25 2014, @06:26PM

        by Foobar Bazbot (37) on Wednesday June 25 2014, @06:26PM (#60005) Journal

        Not sure what ATMs have to do with it -- TFA and TFS both talk about reading passcodes entered on touchscreens, subject to such viewing angles and light conditions that the screen is not readable. All the ATMs around here use physical keypads, so this attack isn't even necessary. Moreover, without installing a skimmer on the ATM's slot to read your card's magstripe (I assume you're in the US, where we still use old-school magnetic cards instead of smartcards), extracting your PIN wouldn't do much good. AIUI the typical approach in such cases is to mount a camera looking at the ATM's keypad at the same time you mount the skimmer, rather than to loiter in the area with any sort of camera; come back in a few days and download the results from camera and skimmer.

        Anyway, the point is, if 18 of the people in line behind you really don't have hidden cameras pointed at you now, that indicates that most people don't want to snoop your ATM PIN, tablet passcode, or whatever. Yes, if they have Google Glass on, they will have the ability to do so, but most of them still won't be doing it. The few people who are trying to read your passcode probably won't use Google Glass until it's sufficiently mainstream to not draw attention (and people are sufficiently accustomed to the "recording" light to note its absence and assume it means you really aren't recording), and at that point will be no more nor less obvious with Google Glass than they are now when using the wide range of currently available wearable hidden cameras. Since the attack is already eminently feasible with off-the-shelf hardware, Glass doesn't fundamentally change the threat, nor your response to that threat. What does (slightly) change the threat is that we now have a demonstration that glare and poor viewing angle don't limit your attackers, as long as they can see your fingers and the "shadows" (not sure if they mean shadows or reflections) of your fingers on the screen as you enter the passcode -- and this applies no matter what camera they use.

        • (Score: 2) by Tork on Wednesday June 25 2014, @07:18PM

          by Tork (3914) Subscriber Badge on Wednesday June 25 2014, @07:18PM (#60018)
          "Not sure what ATMs have to do with it --"

          It was a description of a public place where people are watching you do something sensitive. The other poster was unable to distinguish the difference between covert recording and having a camera strapped to your face.

          "Since the attack is already eminently feasible with off-the-shelf hardware..."

          This is not correct for a couple of reasons. First is that Glass will always be at a much better vantage point than any other device you could point at somebody. This *is* an important factor, that's why there are so many configurations of hidden cameras. Second is that the person wearing Glass may not be the one doing the recording. It is an internet-connected device running arbitrary software. We've already seen the stories about webcams betraying their owners.
          --
          🏳️‍🌈 Proud Ally 🏳️‍🌈
          • (Score: 0) by Anonymous Coward on Wednesday June 25 2014, @09:57PM

            by Anonymous Coward on Wednesday June 25 2014, @09:57PM (#60087)

            Hat-cam? Glasses-cam? These both have practically-identical vantage point to Google Glass. Did you even read the OP you're replying to?

            • (Score: 2) by Tork on Wednesday June 25 2014, @10:07PM

              by Tork (3914) Subscriber Badge on Wednesday June 25 2014, @10:07PM (#60090)

              Yes. Hat-cam is not the same vantage point, I know for a fact you've seen comedies that point this out. 'Glasses-cams' are spottable... because Glass is SUPPOSED to have that lens there.

              Oh and the whole always-in-plain-sight thing, but since you haven't taken the time to put any serious thought into the practicality of the point you're trying to make I don't expect you to get that.

              --
              🏳️‍🌈 Proud Ally 🏳️‍🌈
            • (Score: 0) by Anonymous Coward on Wednesday June 25 2014, @10:30PM

              by Anonymous Coward on Wednesday June 25 2014, @10:30PM (#60095)
              Did YOU read the post? Even if you managed to win that point it would have been completely obliterated by the rest of his post. If you really want to stay on this sinking ship of an argument you need to start looking up cameras that can be planted on other people.
    • (Score: 1) by tftp on Wednesday June 25 2014, @07:54AM

      by tftp (806) on Wednesday June 25 2014, @07:54AM (#59726) Homepage

      The problem is not unique to GG. However while pen-cams, hat-cams, and glasses-cams are available, nobody in his right mind is rushing to buy them. Why? Because they are single purpose devices. They only do surveillance. Too few people would want to spend big bucks on a niche device. GG breaks this mold; Google is advertising GG as a product that can do other things that a common man may find useful. GG is not bought as a spy cam; it is bought as a Twitting/Facebooking thingy; the spy aspect is a free bonus. Nobody expects pen-cams to become fashion items; however GG explicitly strives for that.

      If you want a bit more emotional example, here is one: guns. Anyone who is a hoplophobe believes that guns are evil because they have only one purpose: to kill people. Perhaps; it doesn't matter in this example. But from this POV you can argue that you don't need to take your gun to a restaurant, unless you plan to murder someone. (Again, we are ignoring examples from recent history.) However imagine that someone invents a fashionable dining accessory that also can be used as a gun. What are the chances that you, who never intended to carry your Glock to the restaurant, will be having this new and wondrous automatic fork with you at the table?

      What GG does is it lowers the barrier of entry. A potentially unwelcome product is delivered inside a bundle, which acts as the Trojan horse. That's why GG is seeing so much opposition. Removal of camera would be an easy way to alleviate those concerns. The camera in GG is just as unwelcome as the camera in a pen.

      There is yet another aspect of GG that makes it worse than pen cameras. Pen cameras are owned and used by a single person. There is zero chance that its recordings will ever be processed by supercomputers and results sent to the government. However GG does exactly that.

      • (Score: 2) by Nerdfest on Wednesday June 25 2014, @01:19PM

        by Nerdfest (80) on Wednesday June 25 2014, @01:19PM (#59847)

        It doesn't really lower the bar for entry; you could do the same thing with your cell phone camera and nobody would even look twice at you.

      • (Score: 2) by Foobar Bazbot on Wednesday June 25 2014, @05:57PM

        by Foobar Bazbot (37) on Wednesday June 25 2014, @05:57PM (#59991) Journal

        FWIW, shortly after I got my first paying job, I rushed to buy a pen-camera. However, this doesn't refute your claim that nobody in his right mind was rushing to buy them, because I was a teenage boy with a sudden influx of discretionary funds, and thus definitely not in my right mind. ;) No, I didn't have any planned use for it, it was just so cool that I had to have it. I suspect that purchases like that are what keep the quantities high enough to enable the ridiculously low prices on what should be niche gear.

        I understand your argument, but I don't buy its significance. To me, the fact that most people don't buy spy cameras mostly suggests that people simply aren't interested in spying on others, not that they are interested, but not enough to spend money on it. Are there some people who want to spy, but not badly enough to buy a $15 pen-cam, and who thus will use wearables like Glass or a smartwatch that way? Sure, but $15 vs. $0 is not a big difference to anyone who can afford a wearable in the first place, so I think very few people fall into that gap.

        While the big data thing strikes me as a very reasonable concern, I don't see any connection between that and this passcode-reading attack -- even if Google/NSA (or some rogue Google/NSA employee, or anyone else who gained access to their data by any means) wants to use this attack to read everyone's passcode, they need an actual video clip of the entire passcode entry process. This is unlikely to show up in the background of some video taken for innocuous reasons, so for an on-demand recorder like Glass, there doesn't seem to be a significant problem involving this attack. In some hypothetical future, when cameras and radio transmitters take much less power to run, we could see some kind of always-on wearable camera with the ability to continuously stream to the cloud (something like the "grain" in that episode of Black Mirror), and then this attack would be useful on the resulting enormous stockpile of video. But right now, that problem with Glass has nothing to do with this article.

    • (Score: 2) by Rivenaleem on Wednesday June 25 2014, @02:57PM

      by Rivenaleem (3400) on Wednesday June 25 2014, @02:57PM (#59891)

      It's amazing what you can do with a field telescope and a notepad. Both of which predate the ATM you are snooping on.