- Software can analyse video taken ten feet away and reveal PIN number
- Technique also works using an iPhone 5, Samsung smartwatch and webcam
16:30 EST, 24 June 2014
17:02 EST, 24 June 2014
Google’s controversial Glass wearable computer can be used to steal people’s PIN codes from ten feet away simply by looking at them, it has been claimed.
Researchers developed special software to analyse the shadows and movements of people’s fingers in order to decipher PIN codes entered into tablets and smartphones.
The team also showed the same technique would work using an iPhone 5, Samsung Smartwatch and webcam.
Look out! Researchers say Glass can capture a PIN number using a new analysis app that looks at how a person moves their arms
HOW IT WORKED
A range of gadgets was tested including Google Glass, an iPhone 5, a Samsung smartwatch and a Logitech webcam.
Video captured by Glass produced a correct four-digit PIN from three metres away with 83 per cent accuracy (this was improved to more than 90 per cent with manual corrections) while the webcam was accurate 92 per cent of the time.
The research team led by Professor Xinwen Fu of the University of Massachusetts Lowell are set to show off their software at the Black Hat hackers conference.
‘Our spying camera, including Google Glass, can take a video of the victim tapping on the touch screen and automatically recognize more than 90% of the tapped passcodes from three meters away, even if our naked eyes cannot see those passcodes or anything on the touch screen,’ they wrote.
The basic idea, the team said, is to track the movement of the fingertip and use the fingertip’s relative position on the touch screen to recognize the touch input.
‘We carefully analyze the shadow formation around the fingertip, apply other computer vision techniques to automatically track the touching fingertip and locate the touched points.’
The team can then estimate exactly where on the screen the finger is touching.
They say their hack could easily be used in conferences or even in bars where there are people entering PIN numbers.
The researchers’ diagram showing how they were able to reliably capture PINs with a camcorder from 44 meters away – from a third floor window
‘We are interested in scenarios such as conferences and similar gathering places where a Google Glass, webcam, or smartphone can be used for a stealthy attack.’
The team is also working on a solution – a secure keyboard which appears in a different part of the screen each time it is used.
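The moving keyboard described above can be modelled in a few lines. This is an added example, not the researchers' software; the screen size, key size, `FIXED_ORIGIN` and all function names are assumptions. It shows that taps read against the wrong keypad position give the wrong digits, and that moving the keypad hides where it sits but not the spacing between taps.

```python
import secrets

SCREEN_W, SCREEN_H = 1080, 1920         # assumed screen size (pixels)
KEY = 180                               # assumed key size (pixels)
ROWS = ["123", "456", "789", " 0 "]     # standard 3x4 PIN pad; " " = no key
MAX_X, MAX_Y = SCREEN_W - 3 * KEY, SCREEN_H - 4 * KEY
FIXED_ORIGIN = (270, 1200)              # constructed "usual" keypad position

def random_origin():
    """Fresh top-left corner for the keypad, drawn from the OS CSPRNG."""
    return secrets.randbelow(MAX_X + 1), secrets.randbelow(MAX_Y + 1)

def key_centre(digit, origin):
    """Screen coordinates of the centre of a digit's key."""
    for r, row in enumerate(ROWS):
        c = row.find(digit)
        if c != -1:
            return origin[0] + c * KEY + KEY // 2, origin[1] + r * KEY + KEY // 2
    raise ValueError(f"no key for {digit!r}")

def digit_at(point, origin):
    """Hit-test a touch point against a keypad drawn at origin."""
    c, r = (point[0] - origin[0]) // KEY, (point[1] - origin[1]) // KEY
    if 0 <= r < 4 and 0 <= c < 3 and ROWS[r][c] != " ":
        return ROWS[r][c]
    return None

def taps_for(pin, origin):
    """Touch points a user produces entering pin on a keypad at origin."""
    return [key_centre(d, origin) for d in pin]

def read_taps(taps, origin):
    """Digits the taps mean if the keypad is assumed to be at origin."""
    return "".join(digit_at(t, origin) or "?" for t in taps)

def pins_consistent_with(taps):
    """All PINs the same taps could mean when the origin is unknown."""
    found = set()
    for r in range(4):
        for c in range(3):
            # Suppose the first tap hit key (r, c); that fixes the origin.
            ox = taps[0][0] - c * KEY - KEY // 2
            oy = taps[0][1] - r * KEY - KEY // 2
            pin = read_taps(taps, (ox, oy))
            if 0 <= ox <= MAX_X and 0 <= oy <= MAX_Y and "?" not in pin:
                found.add(pin)
    return found
```

A PIN whose digits span the whole pad, such as the constructed sample 1590, still fits only one keypad position, so relocation gives it no ambiguity.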
‘Any camera works, but you can’t hold your iPhone over someone to do this,’ Fu told Wired magazine.
‘Because Glass is on your head, it’s perfect for this kind of sneaky attack.’
In response to the research Google issued a statement saying: ‘Unfortunately, stealing passwords by watching people as they type them is nothing new. We designed Glass with privacy in mind.
The UMass researchers testing PIN-spying with Google Glass: they found that codes could easily be captured from ten feet away using Glass
‘The fact that Glass is worn above the eyes and the screen lights up whenever it’s activated clearly signals it’s in use and makes it a fairly lousy surveillance device.’
The research team were also able to record PIN codes using the same software from a distance of nearly 150 feet by using a more expensive camcorder with an optical zoom, and were able to capture a target’s PIN from a fourth story window on the other side of the road.