Cyber-forensics experts at the University of Massachusetts at Lowell have developed a way to steal passwords entered on a smartphone or tablet, using video recorded with Google Goggles and other video-recording devices. The thief can be nearly ten feet away and does not even need to read the screen.
The security researchers created software that maps the shadows of the fingertips touching the tablet or smartphone. Their algorithm then converts these points of contact into the actual keys that were touched, allowing the researchers to decipher the code.
The algorithm was tested on passwords entered on an Apple iPad and a Google Nexus 7, as well as an iPhone 5.
Why should we care? “We could get the password of your bank account,” said researcher Xinwen Fu.
The software can be applied to video recorded on a variety of devices: Fu and his team experimented with Google Glass, cell phone video, a webcam and a video camera. The system worked even with a camcorder recording at a distance of 40 meters.
Of course, pointing a video camera at a stranger might arouse some suspicion, but the rise of wearable technology is what makes this approach really viable. A smartwatch, for example, could surreptitiously record someone typing on his phone in a cafeteria without attracting much attention.
Fu said that Google Glass makes this type of vulnerability much easier to exploit. “The most important thing here is the angle. For this attack to be successful the attacker must be able to adjust the angle to make a better video … watch your fingers, and steal the password,” she explains.
CNNMoney put their software to the test. In our corporate cafeteria, we placed a security researcher wearing Google Glass 2.5 meters away from our iPad.
Fu and colleagues said they could identify the password with 100% certainty if they recorded the login process (when you enter the code) three times. They also tested the software with Google Goggles on a robot, in case the movement of the researcher's head looked suspicious.
In less than 10 minutes they were able to accurately identify our password, 5-1-2-0. (It usually takes less time, but CNNMoney Tech correspondent Laurie Segall has short nails, which create less shadow for the software to analyze. Even so, they were able to decipher it.)
The main vulnerability identified by Fu's team is that the keys are always in the same place on the keyboard. There are tools that can randomize the location of the keys on the keyboard, so that a “9” may appear where a “1” is usually located, but they are not very common. The objective of this work is to get such protections more widely used.
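The sketch below is an added illustration of the randomized-keypad defence, not the researchers' software. It assumes a simplified model in which the keypad is ten numbered cells; the function names are hypothetical. It shows why an observer who only recovers touch positions reads the PIN correctly on a fixed layout but not on a layout reshuffled for each entry.

```python
import secrets

# Assumed model: ten keypad cells in row-major order; cells 0-8 are the
# three upper rows and cell 9 is the bottom-centre key.
FIXED_LAYOUT = "1234567890"

def random_layout():
    """Return a fresh digit-to-cell assignment drawn from the OS CSPRNG."""
    digits = list(FIXED_LAYOUT)
    secrets.SystemRandom().shuffle(digits)
    return "".join(digits)

def touched_cells(pin, layout):
    """Cells the fingertip lands on when `pin` is entered on `layout`."""
    return [layout.index(d) for d in pin]

def decode_as_fixed(cells):
    """What a position-only observer infers by assuming the standard layout."""
    return "".join(FIXED_LAYOUT[c] for c in cells)

def cells_repeat(pin, layouts):
    """True if every entry touches the same cells, so repeated recordings
    of the login reinforce one another."""
    seen = {tuple(touched_cells(pin, lay)) for lay in layouts}
    return len(seen) == 1

if __name__ == "__main__":
    pin = "5120"  # the PIN from the article's test
    print("fixed layout, three entries repeat:",
          cells_repeat(pin, [FIXED_LAYOUT] * 3))
    layouts = [random_layout() for _ in range(3)]
    for lay in layouts:
        cells = touched_cells(pin, lay)
        print(lay, cells, "observer infers", decode_as_fixed(cells))
    print("randomized layouts repeat:", cells_repeat(pin, layouts))
```

The layout must be redrawn for every entry; a layout shuffled once and then reused is just another fixed layout.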
The research will be presented next month at the Black Hat cybersecurity conference.