Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 12 submissions in the queue.

Google Glass Snoopers can Steal Your Passcode with a Glance

posted by LaminatorX on Wednesday June 25 2014, @03:24AM   Printer-friendly
from the Peak-Peeking dept.

taylorvich writes:

The odds are you can't make out the PIN of that guy with the sun glaring obliquely off his iPad's screen across the coffee shop. But if he's wearing Google Glass or a smartwatch, he probably can see yours.

Researchers at the University of Massachusetts Lowell found they could use video from wearables like Google Glass and the Samsung smartwatch to surreptitiously pick up four-digit PIN codes typed onto an iPad from almost 10 feet away-and from nearly 150 feet with a high-def camcorder. Their software, which used a custom-coded video recognition algorithm that tracks the shadows from finger taps, could spot the codes even when the video didn't capture any images on the target devices' displays.

 
This discussion has been archived. No new comments can be posted.
Google Glass Snoopers can Steal Your Passcode with a Glance | Log In/Create an Account | Top | 27 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Foobar Bazbot on Wednesday June 25 2014, @06:26PM

    by Foobar Bazbot (37) on Wednesday June 25 2014, @06:26PM (#60005) Journal

    Not sure what ATMs have to do with it -- TFA and TFS both talk about reading passcodes enter on touchscreens, subject to such viewing angles and light conditions that the screen is not readable. All the ATMs around here use physical keypads, so this attack isn't even necessary. Moreover, without installing a skimmer on the ATM's slot to read your card's magstripe (I assume you're in the US, where we still use old-school magnetic cards instead of smartcards), extracting your PIN wouldn't do much good. AIUI the typical approach in such cases is to mount a camera looking at the ATM's keypad at the same time you mount the skimmer, rather than to loiter in the area with any sort of camera; come back in a few days and download the results from camera and skimmer.

    Anyway, the point is, if 18 of the people in line behind you really don't have hidden cameras pointed at you now, that indicates that most people don't want to snoop your ATM PIN, tablet passcode, or whatever. Yes, if they have Google Glass on, they will have the ability to do so, but most of them still won't be doing it. The few people who are trying to read your passcode probably won't use Google Glass until it's sufficiently mainstream to not draw attention (and people are sufficiently accustomed to the "recording" light to note its absence and assume it means you really aren't recording), and at that point will be no more nor less obvious with Google Glass than they are now when using the wide range of currently available wearable hidden cameras. Since the attack is already eminently feasible with off-the-shelf hardware, Glass doesn't fundamentally change the threat, nor your response to that threat. What does (slightly) change the threat is that we now have a demonstration that glare and poor viewing angle don't limit your attackers, as long as they can see your fingers and the "shadows" (not sure if they mean shadows or reflections) of your fingers on the screen as you enter the passcode -- and this applies no matter what camera they use.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by Tork on Wednesday June 25 2014, @07:18PM

    by Tork (3914) Subscriber Badge on Wednesday June 25 2014, @07:18PM (#60018)
    "Not sure what ATMs have to do with it --"

    It was a description of a public place where people are watching you do something sensitive. The other poster was unable to distinguish the difference between covert recording and having a camera strapped to your face.

    "Since the attack is already eminently feasible with off-the-shelf hardware..."

    This is not correct for a couple of reasons. First is that Glass will always be at a much better vantage point than any other device you could point at somebody. This *is* an important factor, that's why there are so many configurations of hidden cameras. Second is that the person wearing Glass may not be the one doing the recording. It is an internet-connected device running arbitrary software. We've already seen the stories about webcams betraying their owners.
    --
    🏳️‍🌈 Proud Ally 🏳️‍🌈

    • (Score: 0) by Anonymous Coward on Wednesday June 25 2014, @09:57PM

      by Anonymous Coward on Wednesday June 25 2014, @09:57PM (#60087)

      Hat-cam? Glasses-cam? These both have practically-identical vantage point to Google Glass. Did you even read the OP you're replying to?

      • (Score: 2) by Tork on Wednesday June 25 2014, @10:07PM

        by Tork (3914) Subscriber Badge on Wednesday June 25 2014, @10:07PM (#60090)

        Yes. Hat-cam is not the same vantage point, I know for a fact you've seen comedies that point this out. 'Glasses-cams' are spotable... because Glass is SUPPOSED to have that lens there.

        Oh and the whole always-in-plain-sight thing, but since you haven't taken the time to put any serious thought into the practicality of the point you're trying to make I don't expect you to get that.

        --
        🏳️‍🌈 Proud Ally 🏳️‍🌈

      • (Score: 0) by Anonymous Coward on Wednesday June 25 2014, @10:30PM

        by Anonymous Coward on Wednesday June 25 2014, @10:30PM (#60095)
        Did YOU read the post? Even if you managed to win that point it would have been completely obliterated by the rest of his post. If you really want to stay on this sinking ship of an argument you need to start looking up cameras that can be planted on other people.