Remember the kid who tried to cheat by looking over your shoulder to copy your test answers? he’s back!
But this time he’s wearing google glass — and he’s after your iPad pin.
You’re at a coffee shop, reading the iPad? You enter your password and start browsing? Pretty basic protocol these days.
Welcome to a brave new world? Ten feet across from you? A hacker could steal your password using new technology?
They see the screen, they see your finger, and pretty much your passcode is stolen.
Using Google glass – or any other recording device, like cell phone video or a camcorder – security researcher Xinwen Fu can crack your pin.
He’s developed software that can break down hand movements from video. you type, he records. Doesn’t matter if there’s glare. Doesn’t even matter if he can’t see the screen.
The process is now easier by the rise of wearable tech, which makes it simple to discretely record hand movements.
Glass is on your head so people can easily adjust the angle and take the picture.
Here’s how it works.
If we know the position of the finger then we know the position of the finger on the keyboard, the position you touch is a key so we call that touch point.We can actually match this touch point to a reference keyboard to an actual keyboard and we get your key.
We put it to the test using the same device Xinwen used when he was developing his software: Google Glass. We put them on a robot and then a real-world attacker. each tried to hack us.
So you have just analyzed the data that you took via Google Glass. You assure me that you didn’t see the actual numbers I was typing in. But you say that you have my passcode
: Hit me with it.
He told me it could take him two guesses.
So the first one is 5-1-2-0.
It took him one.
You’re right. That was my password.
I mean you don’t have access to my device so what is that gonna do?
So we only use the passcode as one example to demonstrate the danger. What if you actually used mobile banking to type in your password and access your banking?
So that’s very dangerous. We may steal your passwords. Your bank account password.
The vulnerability, Xinwen says, is that keys are always in the same place. There are tools for randomizing the location of keys on a keyboard, and that would make something like this impossible. those tools aren’t widespread, but Xinwen hopes exposing the dangers will lead to solutions.
(Copyright 2014 KTSF. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)