Tweet
By Kate Knibbs
Not feeling paranoid enough today? Here you go: Your phone lock screen might actually make it easier for nefarious cyber bandits to steal your passwords.
Researchers at the University of Massachusetts Lowell recently conducted a study illustrating how easy it is to steal phone PINS, even from across the room. They used cameras on Google Glass, an iPhone 5, and a Logitech webcam to test how well these devices can record when people entered their passwords. Glass could detect someone's PIN with 83 percent accuracy from 3 meters away, even when the screen wasn't visible. The webcam correctly recorded passwords with 92 percent accuracy.
The iPhone 5 camera detected the pass code every single time.
Wired talked to Xinwen Fu, a computer scientist working on the project. "I think of this as a kind of alert about Google Glass, smart watches, all these devices," Fu told them. "If someone can take a video of you typing on the screen, you lose everything."
It's not exactly news that people can use their mobile devices to snake your information. The threat of constant, surreptitious surveillance is one of the reasons people are wary of Google Glass.
As Forbesrecently pointed out, hackers have even devised ways to automate over-the-shoulder password theft.
This specific research is freaky because it shows that people can figure out and record your passwords even if they can't see your screen; it offers no respite to the paranoid PIN-typer hunching over and cupping her hand across the top of her phone. And once someone has your phone pass code, they often have a golden ticket to your bank accounts, since ATM PIN's are typically four-digit codes as well.
So, what is to be done? Make your mobile PIN different than your ATM PIN or other important pass codes, for starters.
Choosing a password other than 1234 or 1111 is also something you should've already done, because those passwords are dumb.
For iPhone users, you can turn off the "Simple Pass code" in Settings to give yourself a longer, more complicated password.
For Android, you can choose to unlock your phone via facial recognition if you have Ice Cream Sandwich or higher, or select a more sophisticated lock screen password than the standard four-digit option.
Fu and the UMass researchers created an Android app called Privacy Enhancing Keyboard that will randomize the order of the numbers as they appear on your pass code screen, which would make it much harder to figure out what someone types in. They plan to release it after they give a Black Hat talk on their research. Hopefully their talk will spark increased interest in developing even more sophisticated options to keep passwords secure.
Bill Gates has already patented a potential solution: An anti-camera protection technology that will scan an area for potential cameras and alert device users if they're being recorded.
Not feeling paranoid enough today? Here you go: Your phone lock screen might actually make it easier for nefarious cyber bandits to steal your passwords.
Researchers at the University of Massachusetts Lowell recently conducted a study illustrating how easy it is to steal phone PINS, even from across the room. They used cameras on Google Glass, an iPhone 5, and a Logitech webcam to test how well these devices can record when people entered their passwords. Glass could detect someone's PIN with 83 percent accuracy from 3 meters away, even when the screen wasn't visible. The webcam correctly recorded passwords with 92 percent accuracy.
The iPhone 5 camera detected the pass code every single time.
Wired talked to Xinwen Fu, a computer scientist working on the project. "I think of this as a kind of alert about Google Glass, smart watches, all these devices," Fu told them. "If someone can take a video of you typing on the screen, you lose everything."
It's not exactly news that people can use their mobile devices to snake your information. The threat of constant, surreptitious surveillance is one of the reasons people are wary of Google Glass.
As Forbesrecently pointed out, hackers have even devised ways to automate over-the-shoulder password theft.
This specific research is freaky because it shows that people can figure out and record your passwords even if they can't see your screen; it offers no respite to the paranoid PIN-typer hunching over and cupping her hand across the top of her phone. And once someone has your phone pass code, they often have a golden ticket to your bank accounts, since ATM PIN's are typically four-digit codes as well.
So, what is to be done? Make your mobile PIN different than your ATM PIN or other important pass codes, for starters.
Choosing a password other than 1234 or 1111 is also something you should've already done, because those passwords are dumb.
For iPhone users, you can turn off the "Simple Pass code" in Settings to give yourself a longer, more complicated password.
For Android, you can choose to unlock your phone via facial recognition if you have Ice Cream Sandwich or higher, or select a more sophisticated lock screen password than the standard four-digit option.
Fu and the UMass researchers created an Android app called Privacy Enhancing Keyboard that will randomize the order of the numbers as they appear on your pass code screen, which would make it much harder to figure out what someone types in. They plan to release it after they give a Black Hat talk on their research. Hopefully their talk will spark increased interest in developing even more sophisticated options to keep passwords secure.
Bill Gates has already patented a potential solution: An anti-camera protection technology that will scan an area for potential cameras and alert device users if they're being recorded.