We’ve all been warned about letting people look over your shoulder while you’re entering a PIN code to unlock your mobile device. Now a research team from the University of Massachusetts Lowell has shown how Google Glass, and other similar camera-equipped mobile products, can automate the process for the bad guys, and steal your PIN from across the room.
The UMass Lowell researchers improved on passcode theft by analyzing video captured from wearable and mobile devices such as Google Glass, the Samsung Gear smartwatch and the iPhone. The system processes the incoming video with a custom video recognition algorithm that detects the shadows from finger taps and uses that information to predict PIN codes. Unlike the standard over-the-shoulder method, which requires a direct view of the target device’s display, the UMass method can also be employed at an indirect angle, allowing someone to steal a password while standing at your side.
The system could allow the bad guys to steal your PIN code with a surprising amount of accuracy: an 83% success rate from as far away as three meters (almost 10 feet). Accuracy improved to 90% when a secondary camera, such as the one in an iPhone, was used or when manual error correction was added to the mix.
While researchers didn’t test stealing longer passwords, they believe they could reach an accuracy rate of 78% when stealing an 8-digit passcode from a mobile device such as the iPad.
Researchers are hoping to convince companies to improve the security of their PIN input screens by taking such steps as randomizing the layout of the entry keypad, or by using unlocking methods such as the Touch ID sensor found in the iPhone 5s.
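The keypad-randomization defense mentioned above can be sketched as follows. This is an added example, not code from the researchers or any vendor; the function names, the 4x3 grid model and the sample PIN are assumptions made for illustration. It models an observer who recovers only where the finger tapped and compares a fixed keypad with one reshuffled on every unlock.

```python
import secrets

# Standard 4x3 phone keypad, row-major; "" marks the two blank cells.
STANDARD = ["1", "2", "3", "4", "5", "6", "7", "8", "9", "", "0", ""]

def random_layout(rng=None):
    """Place the ten digits on the same 4x3 grid in a CSPRNG-shuffled order."""
    rng = rng or secrets.SystemRandom()
    digits = list("0123456789")
    rng.shuffle(digits)
    # Keep the blank cells (indexes 9 and 11) where the standard keypad has them.
    return digits[:9] + ["", digits[9], ""]

def taps_for(pin, layout):
    """(row, col) cells a user touches to enter `pin` on `layout`."""
    return [divmod(layout.index(d), 3) for d in pin]

def observer_decode(taps, assumed_layout=STANDARD):
    """PIN inferred by someone who sees only tap positions, not the screen."""
    return "".join(assumed_layout[r * 3 + c] for r, c in taps)

def leak_rate(pin, trials=500):
    """Fraction of entries where position-only decoding recovers the PIN
    when a fresh random layout is drawn for every unlock attempt."""
    hits = sum(
        observer_decode(taps_for(pin, random_layout())) == pin
        for _ in range(trials)
    )
    return hits / trials

if __name__ == "__main__":
    pin = "4821"  # constructed sample PIN
    print("fixed keypad  :", observer_decode(taps_for(pin, STANDARD)))
    layout = random_layout()
    print("random keypad :", observer_decode(taps_for(pin, layout)))
    print("leak rate     :", leak_rate(pin))
```

The shuffle only breaks the link between tap position and digit; it does not help against an observer who can also read the digits on the screen.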