Is Google Glass designed to steal your secrets, including your iPad PIN?
According to cyber forensics experts at the University of Massachusetts in Lowell, they have developed a way to steal passwords entered on a smartphone or tablet using video from Google's face-mounted gadget and other video-capturing devices. The culprit can be as far as ten feet away and doesn't even need to be able to read the screen – meaning glare is not an antidote.
The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the pass code.
They tested the algorithm on passwords entered on an Apple iPad, Google's Nexus 7 tablet, and an iPhone 5.
Should everyone be worried? Well, they should be.
"We could get your bank account password," researcher Xinwen Fu said.
The software can be applied to video taken on a variety of devices: Fu and his team experimented with Google Glass, cell phone video, a webcam and a camcorder. The software worked on camcorder video taken at a distance of over 140 feet.This means that if somebody points a camcorder on you, those alarm bells should start ringing.
The rise of wearable technology is what makes this approach actually viable. For example, a smartwatch could stealthily record a target typing on his phone at a coffee shop without drawing much attention.
Fu says Google Glass is a game-changer for this kind of vulnerability.
"The major thing here is the angle. To make this attack successful the attacker must be able to adjust the angle to take a better video ... they see your finger, the password is stolen," Fu said.
Google says that it designed Glass with privacy in mind, and it gives clear signals when it is being used to capture video.
"Unfortunately, stealing passwords by watching people as they type them into ATMs and laptops is nothing new," said a Google spokesman in an emailed statement. "The fact that Glass is worn above the eyes and the screen lights up whenever it's activated clearly signals it's in use and makes it a fairly lousy surveillance device."
According to cyber forensics experts at the University of Massachusetts in Lowell, they have developed a way to steal passwords entered on a smartphone or tablet using video from Google's face-mounted gadget and other video-capturing devices. The culprit can be as far as ten feet away and doesn't even need to be able to read the screen – meaning glare is not an antidote.
The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the pass code.
They tested the algorithm on passwords entered on an Apple iPad, Google's Nexus 7 tablet, and an iPhone 5.
Should everyone be worried? Well, they should be.
"We could get your bank account password," researcher Xinwen Fu said.
The software can be applied to video taken on a variety of devices: Fu and his team experimented with Google Glass, cell phone video, a webcam and a camcorder. The software worked on camcorder video taken at a distance of over 140 feet.This means that if somebody points a camcorder on you, those alarm bells should start ringing.
The rise of wearable technology is what makes this approach actually viable. For example, a smartwatch could stealthily record a target typing on his phone at a coffee shop without drawing much attention.
Fu says Google Glass is a game-changer for this kind of vulnerability.
"The major thing here is the angle. To make this attack successful the attacker must be able to adjust the angle to take a better video ... they see your finger, the password is stolen," Fu said.
Google says that it designed Glass with privacy in mind, and it gives clear signals when it is being used to capture video.
"Unfortunately, stealing passwords by watching people as they type them into ATMs and laptops is nothing new," said a Google spokesman in an emailed statement. "The fact that Glass is worn above the eyes and the screen lights up whenever it's activated clearly signals it's in use and makes it a fairly lousy surveillance device."
Posts
0 comments
Post a Comment