Have you ever tried to see one’s password as he was typing it on the laptop or tablet? If you did then you know that it’s not easy and most of the times is impossible. But now, if you’re that curios, Google Glass can help you take snooping to a whole new level.
However, we’re not telling you this so that you can go read your friends’ passwords, but only to make you aware of this possibility and teach you how to protect yourself from snoopy individuals.
This information was made public thanks to researchers at the University of Massachusetts Lowell, who discovered that by playing Glass or Samsung Gear recorded videos, you can see a four-digit code typed into a device and if the camera used is high definition, then you can also see a password from nearly 150 feet away. Of course, in order to do so, you should install a custom algorithm that can read the code entered, by spotting the shadows made by finger tapping. They say that the video doesn’t necessarily have to be focused on that specific person, it’s enough if that person is caught on tape.
Xinwen Fu, one of UMass Lowell’s computer science professors, said that this discovery should be taken as an alert regarding smartwatches and Google Glass. He says that he will be presenting the gathered data at the Black Hat security conference, held this year in August, because if anyone can record what you’re typing on your devices, you could be in serious danger.
While making tests on devices that can video record, Fu and his students discovered that when using Glass or a smartwatch , the accuracy of the code reading was around 83 percent and over 90 percent if the algorithm was manually modified during tests. They also conducted tests on a Logitech webcam, that read the code 92% of the times and on iPhone 5 who guessed the code almost every time.
Automated password stealing is not new, and hackers have already published how to do that, but professor Fu says that in these previous techniques, the camera had to see the device’s display when the PIN code was typed in. His method can spot passwords in way tougher conditions, when the screen isn’t visible, because the algorithm they created is based on a device’s geometry and it can map the position of the digits on a reference image; meaning that it can track the movement of the fingers on the keyboard.
Most of the tests they conducted were on 4 digit codes, but Fu says that Glass could also recognize an eight-digit code as well, at a rate of 78 percent of the cases. He says that the iPhone’s camera makes a great spying tool, but Glass is better, due to the positioning of the camera above the eye; the spy is practically harder to detect.
Google, however, denies these information by saying that Glass makes a lousy spying device because the screen lights up whenever it is used, so you couldn’t record someone without them knowing about it.
But researchers from UMass Lowell say that not Glass is the problem, but the passwords themselves. After all, taping someone from 44 meters away is impossible for Glass, but piece of cake to a $700 Panasonic camcorder with optical zoom. They succeeded to see every password typed in on an iPad, from four stories higher and being across the street from their subject.
Just as expected, the team of researchers also came up with a solution to this problem, and they developed an Android add-on that is able to randomize the lockscreen keyboard of a tablet or phone. The software is called PEK, or Privacy Enhancing Keyboard and will be released as a Google Play app during their Black Hat presentation. Fu says that it would be immoral to ban people from making videos, and it would be easier for software creators to double think the authentication sequences.
But until then, you can simply protect your phone or tablet by safely covering the screen with one hand while introducing the password.