Looking over a nearby person's shoulder is a common technique used to steal a PIN code for a device that is targeted for imminent theft. But as reported by Wired, a research team from the University of Massachusetts Lowell has taken this shoulder surfing trick to a whole new level by increasing the working distance and automating the process using Google Glass and other similar camera-equipped, mobile products.

The UMass Lowell researchers improved passcode theft by analyzing video captured from wearable and mobile devices such as Google Glass, the Samsung Gear smartwatch and the iPhone. The system anlyzes the incoming video using a custom video recognition algorithm that detects the shadows from finger taps and uses that information to predict PINs codes. Unlike the standard over-the-shoulder method that requires a direct view of the target device's display, the UMass method also can be employed at an indirect angle, allowing someone to steal a password while standing at your side.

google-glass-pin-spying

UMass researchers capturing PIN codes using Google Glass
(Image from Cyber Forensics Laboratory at University of Massachusetts Lowell)

The system is surprisingly accurate -- allowing a malicious user to capture PIN codes inconspicuously with at least 83 percent accuracy from a distance as far as three meters. This accuracy was improved to more than 90 percent when a sharper camera such as the iPhone was used or manual error correction by the researchers was added to the video analysis.

“I think of this as a kind of alert about Google Glass, smartwatches, all these devices,” says Xinwen Fu, a computer science professor at UMass Lowell who plans to present the findings with his students at the Black Hat security conference in August. “If someone can take a video of you typing on the screen, you lose everything.”

The researchers didn't test longer passwords, but believe they could reach an accuracy rate of 78 percent when stealing an 8-digit password from a device such as the iPad. If you are concerned about password hacking, your best line of defense is to cover your display as you type or when possible do away with a PIN code entirely such as by using the Touch ID fingerprint in the iPhone 5s.

With the results of this study, the researchers hope to convince mobile operating system companies to improve the security of their PIN input screens by taking steps such as randomizing the layout of the keypad.

Apple's Touch ID fingerprint authentication is of course another alternative to traditional passcodes. The feature launched on the iPhone 5s last year and is expected to make its way to the iPad and iPad mini later this year. Aside from increased security compared to passcodes, Touch ID has also increased usage of security features, with Apple noting during its WWDC presentation earlier this month that passcode/Touch ID usage has risen to 83% on the iPhone 5s, up from just 49% passcode usage previously.

Top Rated Comments

Bearxor Avatar
91 months ago
Randomizing the layout of the keypad for PIN entry is a great idea.
Score: 17 Votes (Like | Disagree)
2010mini Avatar
91 months ago
Couldn't these researchers be doing something more worthwhile with their time? I can't see any value in them proving that they can do this kind of thing other than highlighting the possibility of this to would be thieves.

At least Apple is a step ahead of these people with Touch ID.

Highlighting security flaws is always a good thing. It helps manufactures and consumers be more aware.
Score: 12 Votes (Like | Disagree)
kwokaaron Avatar
91 months ago
Lesson learnt: Keep your friends close, but your devices closer. :D
Score: 8 Votes (Like | Disagree)
macduke Avatar
91 months ago
Randomizing the layout of the keypad for PIN entry is a great idea.

Great in theory, terrible in practice. Many people can type their passcode without even looking, or at the least very quickly because they know the sequence. If you increase the complexity, more people will opt to not use a passcode at all.

For a pure touch-based visual input method, using a gesture would probably be the hardest to for a machine to decipher from more extreme angles and distances. Otherwise Touch ID is the best choice.

I love it when Apple solves problems before they are even problems.
Score: 5 Votes (Like | Disagree)
AngerDanger Avatar
91 months ago
Google presents the thief of tomorrow! And boy is he ever angsty about his social ineptitude…

Score: 5 Votes (Like | Disagree)
BenTrovato Avatar
91 months ago
Wait until Google Glass gets a little fancier.. they'll be stealing a lot more than Passwords.

Inventing something like Touch ID is mandatory unfortunately (or fortunately). Once they develop algorithms they'll be able track people. If you walk to work everyday, G Glass can pick out what people do. For example, if G Glass picks out a man who always stops at Starbucks at 850am. You know he's not home at that time. You know he's about to make a transaction. He may be on social media at that time. Lots of data, becomes a target for theft.

When normal people have access to AI algorithms, how we operate in the world will have to change. Touch ID is only the beginning.
Score: 4 Votes (Like | Disagree)

Top Stories

EEC Apple iphone 13

Apple Registers iPhone 13 Models in Eurasia Ahead of September Launch

Friday June 11, 2021 2:16 am PDT by
Nashville Chatter Class has discovered a new Russian-language regulatory filing in the Eurasian Economic Commission (EEC) database pointing towards several unreleased iPhone 13 models that Apple will be launching in the fall. Versions of iPhone running iOS 14 are listed with the model numbers A2628, A2630, A2634, A2635, A2640, A2643, and A2645. None of the numbers correspond to Apple's...
ios 15 home screen icons

iOS 15 Lets You Drag and Drop Images and Text Across Apps

Saturday June 12, 2021 3:17 pm PDT by
Apple this week previewed iOS 15, which is available now in beta for developers ahead of a public release later this year. One smaller but useful new feature added is the ability to drag and drop images, text, files, and more across apps on iPhone. MacStories editor-in-chief Federico Viticci demonstrated the new feature in a tweet: Using cross-app drag and drop on iPhone in iOS 15. Finally 🎉 #WW ...
ipad mini 6

Next iPad Mini Will Allegedly Feature Thinner Bezels, USB-C Port, and Touch ID Power Button

Friday June 11, 2021 1:13 pm PDT by
On his newly launched Front Page Tech website, leaker Jon Prosser has shared renders showing off the alleged design of the next-generation iPad mini, which he says are based on schematics, CAD files, and real images of the device. In line with details shared earlier this month by Bloomberg's Mark Gurman and Debby Wu, Prosser claims that the new iPad mini will feature slimmer bezels around...
iphone12protriplelenscamera

Apple's Orders for Key iPhone 13 Camera Component Expected to Outstrip Entire Android Market

Wednesday June 9, 2021 12:47 am PDT by
Major camera upgrades coming to the iPhone 13 series are putting increased pressure on suppliers to meet Apple's demand for key lens components, according to a new DigiTimes report. Apple has reportedly put Taiwan-based makers of voice coil motor (VCM) components on notice to increase their capacity by 30-40% in order to meet the company's demand, which is expected to outstrip the entire...
apple virtual game controller ios 15

Apple Makes New On-Screen Game Controller Available to Developers on iOS 15 and iPadOS 15

Saturday June 12, 2021 12:36 pm PDT by
During the Platforms State of the Union at WWDC this week, Apple unveiled a new API for iOS 15 and iPadOS 15 that enables developers to implement an on-screen virtual game controller in their iPhone and iPad games with just a few lines of code. While many iPhone and iPad games already offer on-screen controls, Apple's new virtual game controller is available to all developers, easy to add,...
macos monterey tidbits feature copy

macOS Monterey Tidbits: Animated Memoji on Login Screen, Change the Color of the Mouse Pointer, and More

Friday June 11, 2021 10:27 am PDT by
We've highlighted several new features coming in macOS Monterey, such as Low Power Mode and the option to erase a Mac without reinstalling the operating system, but there are some smaller tidbits that we wanted to share. Animated Memoji on Login Screen One small but fun new feature in macOS Monterey is the addition of a personalized Memoji on the login screen, complete with animated facial...
mr white ipod touch 5 protoype3

Unreleased iPod Touch 5 With Chamfered Edges and 30-Pin Dock Connector Shared Online

Thursday June 10, 2021 2:05 am PDT by
Occasional leaker Mr White has today shared interesting images on Twitter of what appears to be an old-school fifth-generation iPod touch prototype with chamfered edges and a brushed aluminum finish. The original iPod touch 5 that Apple released in October 2012 had a unibody anodized aluminum chassis with rounded edges, and was available in several colors, including slate. Another...
maxresdefault

Apple Promotes iPad Pro in New Ad With 'The Little Mermaid' Musical Spin

Saturday June 12, 2021 7:01 am PDT by
In a currently unlisted ad on YouTube, Apple is promoting the versatility, portability, and power of the M1 iPad Pro in a fun musical inspired by The Little Mermaid's "Part of Your World" soundtrack. In the ad, which features the main character using an M1 iPad Pro, Magic Keyboard, and Apple Pencil, multiple users can be seen struggling with their old PCs indoors while hoping that they can...
passwords system preferences

macOS Monterey Features Dedicated Password Section in System Preferences, Built-In Authenticator and More

Friday June 11, 2021 2:32 pm PDT by
macOS Monterey makes several improvements to password management, positioning iCloud Keychain as an ideal password service to replace third-party services like Lastpass and 1Password. In System Preferences, there's a new "Passwords" section that houses all of your iCloud Keychain logins and passwords so they're easier to get to, edit, and manage. There's a similar Passwords section that's...
Dark Sky App Featured

Dark Sky iOS App, Website, and API Now Scheduled to Remain Available Until End of 2022

Thursday June 10, 2021 7:34 am PDT by
Last year, Apple acquired the weather app Dark Sky, and shortly after its purchase, Apple shut down the app for Android. Despite the revamped iOS 15 Weather app taking heavy inspiration from Dark Sky, the weather's app standalone iOS app, web app, and API will remain available until the end of next year, compared to the end of this year, as previously planned. Dark Sky announced in an update ...