Looking over a nearby person's shoulder is a common technique used to steal a PIN code for a device that is targeted for imminent theft. But as reported by Wired, a research team from the University of Massachusetts Lowell has taken this shoulder surfing trick to a whole new level by increasing the working distance and automating the process using Google Glass and other similar camera-equipped, mobile products.

The UMass Lowell researchers improved passcode theft by analyzing video captured from wearable and mobile devices such as Google Glass, the Samsung Gear smartwatch and the iPhone. The system anlyzes the incoming video using a custom video recognition algorithm that detects the shadows from finger taps and uses that information to predict PINs codes. Unlike the standard over-the-shoulder method that requires a direct view of the target device's display, the UMass method also can be employed at an indirect angle, allowing someone to steal a password while standing at your side.

google-glass-pin-spying

UMass researchers capturing PIN codes using Google Glass
(Image from Cyber Forensics Laboratory at University of Massachusetts Lowell)

The system is surprisingly accurate -- allowing a malicious user to capture PIN codes inconspicuously with at least 83 percent accuracy from a distance as far as three meters. This accuracy was improved to more than 90 percent when a sharper camera such as the iPhone was used or manual error correction by the researchers was added to the video analysis.

“I think of this as a kind of alert about Google Glass, smartwatches, all these devices,” says Xinwen Fu, a computer science professor at UMass Lowell who plans to present the findings with his students at the Black Hat security conference in August. “If someone can take a video of you typing on the screen, you lose everything.”

The researchers didn't test longer passwords, but believe they could reach an accuracy rate of 78 percent when stealing an 8-digit password from a device such as the iPad. If you are concerned about password hacking, your best line of defense is to cover your display as you type or when possible do away with a PIN code entirely such as by using the Touch ID fingerprint in the iPhone 5s.

With the results of this study, the researchers hope to convince mobile operating system companies to improve the security of their PIN input screens by taking steps such as randomizing the layout of the keypad.

Apple's Touch ID fingerprint authentication is of course another alternative to traditional passcodes. The feature launched on the iPhone 5s last year and is expected to make its way to the iPad and iPad mini later this year. Aside from increased security compared to passcodes, Touch ID has also increased usage of security features, with Apple noting during its WWDC presentation earlier this month that passcode/Touch ID usage has risen to 83% on the iPhone 5s, up from just 49% passcode usage previously.

Top Rated Comments

Bearxor Avatar
146 months ago
Randomizing the layout of the keypad for PIN entry is a great idea.
Score: 17 Votes (Like | Disagree)
2010mini Avatar
146 months ago
Couldn't these researchers be doing something more worthwhile with their time? I can't see any value in them proving that they can do this kind of thing other than highlighting the possibility of this to would be thieves.

At least Apple is a step ahead of these people with Touch ID.

Highlighting security flaws is always a good thing. It helps manufactures and consumers be more aware.
Score: 12 Votes (Like | Disagree)
kwokaaron Avatar
146 months ago
Lesson learnt: Keep your friends close, but your devices closer. :D
Score: 8 Votes (Like | Disagree)
macduke Avatar
146 months ago
Randomizing the layout of the keypad for PIN entry is a great idea.

Great in theory, terrible in practice. Many people can type their passcode without even looking, or at the least very quickly because they know the sequence. If you increase the complexity, more people will opt to not use a passcode at all.

For a pure touch-based visual input method, using a gesture would probably be the hardest to for a machine to decipher from more extreme angles and distances. Otherwise Touch ID is the best choice.

I love it when Apple solves problems before they are even problems.
Score: 5 Votes (Like | Disagree)
AngerDanger Avatar
146 months ago
Google presents the thief of tomorrow! And boy is he ever angsty about his social ineptitude…

Score: 5 Votes (Like | Disagree)
BenTrovato Avatar
146 months ago
Wait until Google Glass gets a little fancier.. they'll be stealing a lot more than Passwords.

Inventing something like Touch ID is mandatory unfortunately (or fortunately). Once they develop algorithms they'll be able track people. If you walk to work everyday, G Glass can pick out what people do. For example, if G Glass picks out a man who always stops at Starbucks at 850am. You know he's not home at that time. You know he's about to make a transaction. He may be on social media at that time. Lots of data, becomes a target for theft.

When normal people have access to AI algorithms, how we operate in the world will have to change. Touch ID is only the beginning.
Score: 4 Votes (Like | Disagree)

Popular Stories

iPhone 17 Pro Dark Blue and Orange

iPhone 17 Release Date, Pre-Orders, and What to Expect

Thursday August 28, 2025 4:08 am PDT by
An iPhone 17 announcement is a dead cert for September 2025 – Apple has already sent out invites for an "Awe dropping" event on Tuesday, September 9 at the Apple Park campus in Cupertino, California. The timing follows Apple's trend of introducing new iPhone models annually in the fall. At the event, Apple is expected to unveil its new-generation iPhone 17, an all-new ultra-thin iPhone 17...
xiaomi apple ad india

Apple and Samsung Push Back Against Xiaomi's Bold India Ads

Friday August 29, 2025 4:54 am PDT by
Apple and Samsung have reportedly issued cease-and-desist notices to Xiaomi in India for an ad campaign that directly compares the rivals' devices to Xiaomi's products. The two companies have threatened the Chinese vendor with legal action, calling the ads "disparaging." Ads have appeared in local print media and on social media that take pot shots at the competitors' premium offerings. One...
iPhone 17 Pro Iridescent Feature 2

iPhone 17 Pro Clear Case Leak Reveals Three Key Changes

Sunday August 31, 2025 1:26 pm PDT by
Apple is expected to unveil the iPhone 17 series on Tuesday, September 9, and last-minute rumors about the devices continue to surface. The latest info comes from a leaker known as Majin Bu, who has shared alleged images of Apple's Clear Case for the iPhone 17 Pro and Pro Max, or at least replicas. Image Credit: @MajinBuOfficial The images show three alleged changes compared to Apple's iP...
maxresdefault

The MacRumors Show: iPhone 17's 'Awe Dropping' Accessories

Friday August 29, 2025 8:12 am PDT by
Following the announcement of Apple's upcoming "Awe dropping" event, on this week's episode of The MacRumors Show we talk through all of the new accessories rumored to debut alongside the iPhone 17 lineup. Subscribe to The MacRumors Show YouTube channel for more videos We take a closer look at Apple's invite for "Awe dropping;" the design could hint at the iPhone 17's new thermal system with ...