July 7th, 2014, 17:09 PM
Google Glass wearers can steal your password
Cyber forensics experts at the University of Massachusetts in Lowell have developed a way to steal passwords entered on a smartphone or tablet using video from Google's face-mounted gadget and other video-capturing devices. The thief can be nearly ten feet away and doesn't even need to be able to read the screen -- meaning glare is not an antidote.
The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode.
They tested the algorithm on passwords entered on an Apple iPad, Google's Nexus 7 tablet, and an iPhone 5.
Why should you be worried?
"We could get your bank account password," researcher Xinwen Fu said.
The software can be applied to video taken on a variety of devices: Fu and his team experimented with Google Glass, cell phone video, a webcam and a camcorder. The software worked on camcorder video taken at a distance of over 140 feet.
Of course, pointing a camcorder in a stranger's face might yield some suspicion. The rise of wearable technology is what makes this approach actually viable. For example, a smartwatch could stealthily record a target typing on his phone at a coffee shop without drawing much attention.
Fu says Google Glass is a game-changer for this kind of vulnerability.
"The major thing here is the angle. To make this attack successful the attacker must be able to adjust the angle to take a better video ... they see your finger, the password is stolen," Fu said.