Researchers Develop New Way To Steal Passwords Using Google Glass

← Back to Stories (view on slashdot.org)

Researchers Develop New Way To Steal Passwords Using Google Glass

Posted by samzenpus on Monday July 7, 2014 @09:33AM from the let's-see-what-you-typed-there dept.

mpicpp writes with a story about researchers who have developed a way to steal passwords using video-capturing devices.Cyber forensics experts at the University of Massachusetts in Lowell have developed a way to steal passwords entered on a smartphone or tablet using video from Google's face-mounted gadget and other video-capturing devices. The thief can be nearly ten feet away and doesn't even need to be able to read the screen — meaning glare is not an antidote. The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode. They tested the algorithm on passwords entered on an Apple iPad, Google's Nexus 7 tablet, and an iPhone 5.

23 of 116 comments (clear)

Min score:

Reason:

Sort:

That does it by cheesybagel · 2014-07-07 09:36 · Score: 2, Insightful

Time to trademark a 'No Glass Allowed' symbol.
1. Re:That does it by swillden · 2014-07-07 10:04 · Score: 5, Funny
  
  Time to trademark a 'No Glass Allowed' symbol.
  Better make it "No Cameras Allowed". Which, incidentally, also means "No Smartphones or Tablets Allowed", since they all have cameras... which would actually eliminate the risk of passwords being stolen as they're entered into a smartphone or tablet, since no smartphones or tablets are allowed. Problem solved!
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
2. Re:That does it by swillden · 2014-07-07 13:04 · Score: 2
  
  Better make it "No Cameras Allowed". Which, incidentally, also means "No Smartphones or Tablets Allowed", since they all have cameras... which would actually eliminate the risk of passwords being stolen as they're entered into a smartphone or tablet, since no smartphones or tablets are allowed. Problem solved!
  Shut up, glasshole.
  Jealous, much? Actually, I don't have Google Glass... but I'm hoping to get one for Christmas this year. Neener neener!
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
3. Re:That does it by meerling · 2014-07-07 13:35 · Score: 2
  
  This has nothing to do with google glass, other than a headline whore trying to hype his article.
  Any video capture device, like every smartphone, security camera, and other form of video camera on the planet can be used for this.
4. Re:That does it by meerling · 2014-07-07 13:37 · Score: 2
  
  Funny thing that, it's mostly people without the google glass that are acting like the last 7 letters of your post.
5. Re:That does it by rtb61 · 2014-07-08 00:23 · Score: 2
  
  Of course if you are entering a password whilst using an augmented reality device only you can see what you are doing and why you are doing it. So only way to defeat all those countless surveillance cameras http://www.telegraph.co.uk/tec... , http://www.nbcnews.com/id/4416.... Perhaps google glass isn't the problem perhaps the problem already exists.
  
  --
  Chaos - everything, everywhere, everywhen
Watching them enter the passcode. by Anonymous Coward · 2014-07-07 09:38 · Score: 5, Funny

TLDR - Researchers steal passwords by watching them being entered.
1. Re:Watching them enter the passcode. by rmdingler · 2014-07-08 00:48 · Score: 2
  
  TLDR - Researchers steal passwords by watching them being entered.
  Solution: EVERYBODY PANIC!
  Or.
  Put the goddamn phone down in public, pay attention, and hell, start an old fashioned conversation once in a while.
  You are welcome on my lawn, but watch your step. We don't allow the dogs the use of our indoor plumbing.
  
  --
  Happiness in intelligent people is the rarest thing I know.
  Ernest Hemingway
I've always thought by Registered+Coward+v2 · 2014-07-07 09:40 · Score: 4, Interesting

electronic keypads should randomize the numeric order and that the device should not mirror the letter typed on the inout line or on the keypad.

--
I'm a consultant - I convert gibberish into cash-flow.
1. Re:I've always thought by Wootery · 2014-07-07 09:53 · Score: 3, Insightful
  
  That's why you'd have it opt-in. Let the security-conscious lead the way.
2. Re:I've always thought by ArcadeMan · 2014-07-07 09:57 · Score: 2
  
  Being able to customize the keyboard based on the current input required is one of the best feature of virtual keyboards. I thought everyone would be randomizing the keyboard for the "password" field by now.
  
  --
  Get free satoshi (Bitcoin) and Dogecoins
3. Re:I've always thought by cameloid · 2014-07-07 11:26 · Score: 2
  
  If you let muppets choose, then that's where it usually falls apart.
  
  --
  -- Cisk for the Cisk God
Google Glass only? by tomhath · 2014-07-07 09:44 · Score: 4, Insightful

I suppose you can be more subtle about it, but really any video cam would work just as well. Especially if you set it up near a place where people will be typing a useful password instead of loitering and staring at people.
1. Re:Google Glass only? by oodaloop · 2014-07-07 09:56 · Score: 3, Informative
  
  I know, I must be new here and everything, but it does in the first sentence of the fantastic summary, "and other video-capturing devices".
  
  --
  Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
2. Re:Google Glass only? by Jason+Levine · 2014-07-08 00:47 · Score: 2
  
  Step 1: Put on a dress shirt (or any shirt with a pocket on the front).
  Step 2: Start your camera video recording and put it on your pocket (camera facing out, of course).
  Step 3: Wait in line behind the person and position yourself so that you have a good view but also so that it's not obvious what you are doing. Pretend to be looking at something else. (Look at your watch or a book or something.)
  Step 4: Review the footage later and get the person's password or PIN.
  Wouldn't be hard to do, really.
  
  --
  My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Cover your input by briancox2 · 2014-07-07 09:46 · Score: 4, Insightful

For the last couple of years I have been completely covering any input I give to a phone unlock or ATM PIN given. With cameras everywhere, this was only a matter of time.

--
We should learn what we need to know about issues, before we decide what we need to feel about them.
1. Re:Cover your input by Hamsterdan · 2014-07-07 10:29 · Score: 3, Funny
  
  Damn you! When I tried to cover my hand with the other one, my phone dropped to the floor...
  
  --
  I've got better things to do tonight than die.
Sensationalistic title and duh! by pr0t0 · 2014-07-07 09:47 · Score: 5, Insightful

As the video points out, this is not limited to Google Glass, any video capturing device will work. But beyond that, this is really kind of obvious. Yeah, video recording someone entering their password on a touch device will give you a fairly accurate idea of what that password is. Record, playback at 1/4 speed, password. I would bet that security camera footage might even be better to work with due to the angle. The custom software I suppose is a nice achievement, but I would guess it's not all that necessary.

--
I'm sorry, but your opinion seems to be wrong.
1. Re:Sensationalistic title and duh! by DraugTheWhopper · 2014-07-07 10:09 · Score: 2
  
  In other news, professional behavioral psychologists teach a new dog old tricks.
  http://blogs.mcafee.com/consumer/smartphone-pin-codes
  http://www.syssec.rub.de/media/emma/veroeffentlichungen/2014/06/30/GraphNeighbors-Sicherheit14.pdf
2. Re:Sensationalistic title and duh! by Sperbels · 2014-07-07 11:02 · Score: 3, Funny
  
  Don't interrupt the Glass hating. Glass is evil. Look at all these new avenues of terrorism it makes available to the common man.
This is why genital recognition is needed. by Anonymous Coward · 2014-07-07 09:55 · Score: 2, Funny

The fact that the device is out in the open when the password is entered is the problem here.
There's one technology that solves this problem, and that technology is genital recognition. It works like a password, but it depends on the unique pattern exhibited by each individual's genitalia.
When a password needs to be entered, the user puts the phone down his or her pants/skirt/dress/whatever, and presses the screen against his or her genitalia. The pattern is then analyzed and compared against known data points modeling the genitalia. If there is a match, then the authentication succeeds. If there is not a match, then the authentication fails.
The important thing to remember is that the authentication happens in a secure area: within one's underwear. This helps prevent observers from deducing the password based on visible effects such as shadows and reflections.
1. Re:This is why genital recognition is needed. by FatdogHaiku · 2014-07-07 10:49 · Score: 2
  
  Bicycle seats do not make contact with one's genitals, regardless of gender.
  You would think that but:
  https://www.google.com/search?q=World+Naked+Bike+Ride&num=30&newwindow=1&safe=off&source=lnms&tbm=isch&sa=X&ei=xSK7U_LMO8n0oATDrYKgDw&ved=0CAgQ_AUoAQ&biw=961&bih=460
  
  There is not a can of lysol or bottle of purell to be had in that city on the day after the event...
  
  --
  You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
Let me fix that for you by bl968 · 2014-07-07 10:58 · Score: 3, Insightful

Researchers Develop New Way To Steal Passwords Using a video camera

--
"GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"