"Shoulder surfing" refers to the practice of looking over someone's shoulder to watch them enter a PIN on a mobile device, like an iPad. It's not the most sophisticated hack ever, but it works, as long as the interloper has a line of sight. However, researchers from Lowell, Massachusetts have removed that restriction.
The group at UMass Lowell has devised a way to reliably capture a user's four-digit passcode without seeing his or her iPad's screen. Using a camera and the knowledge that the lock screen's keyboard is static, the group's software can reference finger movements to estimate the passcode as it's typed. In fact, they were able to accurately guess a target PIN 83% of the time. When targeting the iPhone 5, the success rate jumped to 100%.
That doesn't mean you've got to run into a broom closet whenever you unlock your iPhone or iPad. Just exercise a little caution. Meanwhile, the group is working on a way to randomize the Android keypad, to help prevent this very type of snooping. Hopefully Apple's Touch ID technology will make it to more devices soon, making this type of hack a moot point for Apple users.
No comments:
Post a Comment