The odds are you can't make out the PIN of that guy with the sun glaring obliquely off his iPad's screen across the coffee shop. But if he's wearing Google Glass or a smartwatch, he probably can see yours.
Researchers at the University of Massachusetts Lowell found they could use video from wearables like Google Glass and the Samsung smartwatch to surreptitiously pick up four-digit PIN codes typed onto an iPad from almost 10 feet away-and from nearly 150 feet with a high-def camcorder. Their software, which used a custom-coded video recognition algorithm that tracks the shadows from finger taps, could spot the codes even when the video didn't capture any images on the target devices' displays.
(Score: 2) by Foobar Bazbot on Wednesday June 25 2014, @06:26PM
Not sure what ATMs have to do with it -- TFA and TFS both talk about reading passcodes enter on touchscreens, subject to such viewing angles and light conditions that the screen is not readable. All the ATMs around here use physical keypads, so this attack isn't even necessary. Moreover, without installing a skimmer on the ATM's slot to read your card's magstripe (I assume you're in the US, where we still use old-school magnetic cards instead of smartcards), extracting your PIN wouldn't do much good. AIUI the typical approach in such cases is to mount a camera looking at the ATM's keypad at the same time you mount the skimmer, rather than to loiter in the area with any sort of camera; come back in a few days and download the results from camera and skimmer.
Anyway, the point is, if 18 of the people in line behind you really don't have hidden cameras pointed at you now, that indicates that most people don't want to snoop your ATM PIN, tablet passcode, or whatever. Yes, if they have Google Glass on, they will have the ability to do so, but most of them still won't be doing it. The few people who are trying to read your passcode probably won't use Google Glass until it's sufficiently mainstream to not draw attention (and people are sufficiently accustomed to the "recording" light to note its absence and assume it means you really aren't recording), and at that point will be no more nor less obvious with Google Glass than they are now when using the wide range of currently available wearable hidden cameras. Since the attack is already eminently feasible with off-the-shelf hardware, Glass doesn't fundamentally change the threat, nor your response to that threat. What does (slightly) change the threat is that we now have a demonstration that glare and poor viewing angle don't limit your attackers, as long as they can see your fingers and the "shadows" (not sure if they mean shadows or reflections) of your fingers on the screen as you enter the passcode -- and this applies no matter what camera they use.
(Score: 2) by Tork on Wednesday June 25 2014, @07:18PM
It was a description of a public place where people are watching you do something sensitive. The other poster was unable to distinguish the difference between covert recording and having a camera strapped to your face.
"Since the attack is already eminently feasible with off-the-shelf hardware..."
This is not correct for a couple of reasons. First is that Glass will always be at a much better vantage point than any other device you could point at somebody. This *is* an important factor, that's why there are so many configurations of hidden cameras. Second is that the person wearing Glass may not be the one doing the recording. It is an internet-connected device running arbitrary software. We've already seen the stories about webcams betraying their owners.
🏳️🌈 Proud Ally 🏳️🌈
(Score: 0) by Anonymous Coward on Wednesday June 25 2014, @09:57PM
Hat-cam? Glasses-cam? These both have practically-identical vantage point to Google Glass. Did you even read the OP you're replying to?
(Score: 2) by Tork on Wednesday June 25 2014, @10:07PM
Yes. Hat-cam is not the same vantage point, I know for a fact you've seen comedies that point this out. 'Glasses-cams' are spotable... because Glass is SUPPOSED to have that lens there.
Oh and the whole always-in-plain-sight thing, but since you haven't taken the time to put any serious thought into the practicality of the point you're trying to make I don't expect you to get that.
🏳️🌈 Proud Ally 🏳️🌈
(Score: 0) by Anonymous Coward on Wednesday June 25 2014, @10:30PM