Demo of iPad Passcode Theft via Google Glass Highlights Benefits of Touch ID

by

Looking over a nearby person's shoulder is a common technique used to steal a PIN code for a device that is targeted for imminent theft. But as reported by Wired, a research team from the University of Massachusetts Lowell has taken this shoulder surfing trick to a whole new level by increasing the working distance and automating the process using Google Glass and other similar camera-equipped, mobile products.

The UMass Lowell researchers improved passcode theft by analyzing video captured from wearable and mobile devices such as Google Glass, the Samsung Gear smartwatch and the iPhone. The system anlyzes the incoming video using a custom video recognition algorithm that detects the shadows from finger taps and uses that information to predict PINs codes. Unlike the standard over-the-shoulder method that requires a direct view of the target device's display, the UMass method also can be employed at an indirect angle, allowing someone to steal a password while standing at your side.

google-glass-pin-spying

UMass researchers capturing PIN codes using Google Glass
(Image from Cyber Forensics Laboratory at University of Massachusetts Lowell)

The system is surprisingly accurate -- allowing a malicious user to capture PIN codes inconspicuously with at least 83 percent accuracy from a distance as far as three meters. This accuracy was improved to more than 90 percent when a sharper camera such as the iPhone was used or manual error correction by the researchers was added to the video analysis.

“I think of this as a kind of alert about Google Glass, smartwatches, all these devices,” says Xinwen Fu, a computer science professor at UMass Lowell who plans to present the findings with his students at the Black Hat security conference in August. “If someone can take a video of you typing on the screen, you lose everything.”

The researchers didn't test longer passwords, but believe they could reach an accuracy rate of 78 percent when stealing an 8-digit password from a device such as the iPad. If you are concerned about password hacking, your best line of defense is to cover your display as you type or when possible do away with a PIN code entirely such as by using the Touch ID fingerprint in the iPhone 5s.

With the results of this study, the researchers hope to convince mobile operating system companies to improve the security of their PIN input screens by taking steps such as randomizing the layout of the keypad.

Apple's Touch ID fingerprint authentication is of course another alternative to traditional passcodes. The feature launched on the iPhone 5s last year and is expected to make its way to the iPad and iPad mini later this year. Aside from increased security compared to passcodes, Touch ID has also increased usage of security features, with Apple noting during its WWDC presentation earlier this month that passcode/Touch ID usage has risen to 83% on the iPhone 5s, up from just 49% passcode usage previously.

Top Rated Comments

(View all)
Avatar
80 months ago
Randomizing the layout of the keypad for PIN entry is a great idea.
Score: 17 Votes (Like | Disagree)
Avatar
80 months ago

Couldn't these researchers be doing something more worthwhile with their time? I can't see any value in them proving that they can do this kind of thing other than highlighting the possibility of this to would be thieves.

At least Apple is a step ahead of these people with Touch ID.


Highlighting security flaws is always a good thing. It helps manufactures and consumers be more aware.
Score: 12 Votes (Like | Disagree)
Avatar
80 months ago
Lesson learnt: Keep your friends close, but your devices closer. :D
Score: 8 Votes (Like | Disagree)
Avatar
80 months ago

Randomizing the layout of the keypad for PIN entry is a great idea.


Great in theory, terrible in practice. Many people can type their passcode without even looking, or at the least very quickly because they know the sequence. If you increase the complexity, more people will opt to not use a passcode at all.

For a pure touch-based visual input method, using a gesture would probably be the hardest to for a machine to decipher from more extreme angles and distances. Otherwise Touch ID is the best choice.

I love it when Apple solves problems before they are even problems.
Score: 5 Votes (Like | Disagree)
Avatar
80 months ago
Google presents the thief of tomorrow! And boy is he ever angsty about his social ineptitude…

Score: 5 Votes (Like | Disagree)
Avatar
80 months ago
Wait until Google Glass gets a little fancier.. they'll be stealing a lot more than Passwords.

Inventing something like Touch ID is mandatory unfortunately (or fortunately). Once they develop algorithms they'll be able track people. If you walk to work everyday, G Glass can pick out what people do. For example, if G Glass picks out a man who always stops at Starbucks at 850am. You know he's not home at that time. You know he's about to make a transaction. He may be on social media at that time. Lots of data, becomes a target for theft.

When normal people have access to AI algorithms, how we operate in the world will have to change. Touch ID is only the beginning.
Score: 4 Votes (Like | Disagree)

Top Stories

Apple Announces New 27-Inch iMac With 10th-Gen Processors, Up to 128GB RAM, 1080p Webcam, True Tone, and More

Tuesday August 4, 2020 8:07 am PDT by
Apple today announced a new 27-inch iMac with faster 10th-generation Intel Core processor options, next-generation AMD graphics, up to 128GB of RAM, a higher-resolution 1080p front-facing FaceTime camera, a True Tone display with a nano-texture glass option, a T2 chip, higher fidelity speakers, studio-quality microphones, and more. A breakdown of the new 27-inch iMac's features and specs:10th...

8 Third-Party Home Screen Widgets That You Can Try Out Now on iOS 14

Wednesday August 5, 2020 12:56 pm PDT by
One of the biggest new features of iOS 14 is Home Screen widgets, which provide information from apps at a glance. The widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. When the iOS 14 beta was first released in June, widgets were limited to Apple's own apps like Calendar and Weather, but several third-party developers have begun to test ...

Everything New in iOS 14 Beta 4: Apple TV Widget, Search Improvements, Exposure Notification API and More

Tuesday August 4, 2020 11:14 am PDT by
Apple today released the fourth developer betas of iOS and iPadOS 14 for testing purposes, tweaking and refining some of the features and design changes included in the update. Changes get smaller and less notable as the beta testing period goes on, but there are still some noteworthy new features in the fourth beta, which we've highlighted below. - Apple TV widget - There's a new Apple TV...

Apple May Launch This Year's 'iPhone 12' Lineup in Two Stages, With 6.1-inch Models Debuting First

Monday August 3, 2020 3:14 am PDT by
Apple last week confirmed that its "‌iPhone‌ 12" launch will be delayed this year due to the ongoing global health crisis and restrictions on travel. Apple last year started selling iPhones in late September, but this year, Apple projects supply will be "available a few weeks later," suggesting a release sometime in October. We're expecting a total of four OLED iPhones in 5.4, 6.1, and...

Apple Explains Why You Might See 'Not Charging' When a Mac is Plugged In

Monday August 3, 2020 1:42 pm PDT by
If you have a Mac and have seen a "Not Charging" warning when plugging it in to power, Apple last week released a support document that explains why. Macs running macOS 10.15.5 or later have a Battery Health Management feature to preserve the life of the battery, and occasionally, the Battery Health Management option will cause the Mac to pause its charging for calibration purposes.Depending ...

Supposed iPhone 12 Display Unit Leaks

Thursday August 6, 2020 8:13 am PDT by
An image supposedly of an iPhone 12 display unit has been shared online by leaker "Twitter user Mr. White". Compared to images of an iPhone 11 Pro display piece, this new unit has a reoriented display connector, reaching up from the bottom of the display, rather than from the left-hand side on iPhone 11 Pro. This may be due to the logic board moving to the other side of the device. A...

Google's $349 Pixel 4a vs. Apple's $399 iPhone SE

Wednesday August 5, 2020 1:45 pm PDT by
Google this week launched its newest smartphone, the $349 Pixel 4a, a low-cost device that's designed to compete with other affordable devices like Apple's iPhone SE. We picked up one of the new Pixel 4a smartphones and thought we'd check it out to see how it measures up to the iPhone SE, given that the two devices have such similar price points. Subscribe to the MacRumors YouTube channel ...

Apple-Acquired Dark Sky Officially Shuts Down Android App

Saturday August 1, 2020 3:43 pm PDT by
Apple in March purchased weather app Dark Sky, and at that time, Dark Sky's developers said that the app's Android version would be discontinued on July 1, 2020. However, instead of shuttering the app on that date, the app's developers announced that the discontinuation would be delayed for another month. Now that it's August, Android users are no longer able to access the app, and...

Samsung Launches Galaxy Note 20, Galaxy Z Fold 2, and Galaxy Buds to Compete With Apple's iPhones and AirPods Pro

Wednesday August 5, 2020 10:07 am PDT by
Samsung today held a virtual Galaxy Unpacked event where it unveiled its next-generation smartphones that will compete with Apple's 2020 iPhone lineup, set to come out in the fall. Samsung announced the launch of the Galaxy Note 20 and the Galaxy Note 20 Ultra, the two newest devices in the Note lineup, and, more notably, the Galaxy Z Fold 2, Samsung's latest foldable smartphone. The...

Alleged 'iPhone 12' Images Depict Circular Array of Magnets in Chassis

Wednesday August 5, 2020 4:39 am PDT by
New images shared on Weibo appear to show a circular array of magnets housed inside an "iPhone 12" chassis. The unverified images depict 36 individual magnets in a circular arrangement, suggesting they could be related to mounting or charging. EverythingApplePro, who shared the Weibo-originating images on Twitter, also posted an image of an alleged iPhone 12 case with a similar array of...