Google Glass wearers can steal your ATM passcode with a glance from 10 feet away
by Julie Wilson
(NaturalNews) As privacy continues to dwindle, researchers have discovered yet another form of invasion, and it's a serious one. Personal information in the 20th century is protected by passwords entered into electronic devices, a convenient process that comes at a price.
Already vulnerable to government surveillance sweeps and hackers, your personal information can also be compromised by video-recording devices, one of those being Google Glass.
Researchers at the University of Massachusetts Lowell found that video-recording devices like Google Glass and the Samsung smartwatch are capable of deciphering four-digit PIN codes typed into electronic devices from across the room. These devices, sometimes called "wearables," were able to decipher codes typed into an iPad from almost 10 feet away, and 150 feet with a high-def camcorder, reported WIRED.
The identifying software, which uses a custom-coded video recognition algorithm to track the shadows of finger movements while entering passcodes, does not require access to the device's screen. Instead, the technology relies on knowledge of the keyboard's geometry and the shadow-detecting algorithm to decipher codes with impeccable accuracy while they're being entered.
Google Glass was able to spot four-digit PIN numbers from 3 meters away 83 percent of the time, and with nearly 100 percent accuracy after manual errors were corrected.
The team of researchers tested multiple video-enabled devices including the iPhone 5 and a $72 Logitech webcam. Somewhat surprisingly, the webcam proved capable of revealing the code 92 percent of the time, while the iPhone's sharper camera snatched the code in every case.
Only tested a few times, the Samsung smartwatch caught the PIN just about as often as Google Glass.
Xinwen Fu, a computer science professor at UMass Lowell, said the older video tools required specific positioning, meaning they were unable to grab passcodes from too far of a distance or from indirect angles. However, in cases where visibility of the device's screen is not available, Fu and his team's video recognition software decoded the passwords based on "its understanding of an iPad's geometry and the position of the user's fingers," according to WIRED's report
The technology "maps its image of the angled iPad onto a 'reference' image of the device, then looks for the abrupt down and up movements of the dark crescents that represent the fingers' shadows."
Fu plans to present his findings with his students at the Black Hat security conference in August, the "most technical and relevant global information security event series in the world."
The "Black Hat Briefings" began 16 years ago to provide security professionals a place to educate themselves on the very latest in "information security research, development, and trends in a strictly vendor-neutral environment," according to their website.
One thing the study left out was testing longer passwords, but based on "Glass's recognition of [individual] characters," Fu believes it could decipher eight-character passwords on the iPad's QWERTY keyboard nearly 80 percent of the time.
Fu notes that Glass's eye-level positioning provides a better angle for grabbing passcodes and acts much more discreetly than other video-recording tools.
"Any camera works, but you can't hold your iPhone over someone to do this," added Fu. "Because Glass is on your head, it's perfect for this kind of sneaky attack."
Google of course disputes Fu's claims, insisting that stealing passwords by watching people type them in is nothing new.
"We designed Glass with privacy in mind. The fact that Glass is worn above the eyes and the screen lights up whenever it's activated clearly signals it's in use and makes it a fairly lousy surveillance device," said a spokesman for Google.
The researchers came up with a solution for stealing passcodes in this matter with the expected launch of an Android-add on "that randomizes the layout of a phone or tablet's lockscreen keyboard."
The Privacy Enhancing Keyboard (PEK) is expected to launch as an app in Google Play's store and as an Android operating system update during the Black Hat conference.
"You can't prevent people from taking videos," said Fu. "But for the research community, we need to think about how we design our authentication in a better way." SOURCE