Researchers crack iPad PINs by tracking the fingers that enter them

What's the easiest way to find out someone's password? Watch them enter it, of course, using the simple hacking technique known as shoulder surfing. Cameras and software have successfully been used by researchers to automate and improve the accuracy of snooping on smartphone users with such observational methods, but they require a direct line-of-sight to work. Now, as Wired reports, a group at the University of Massachusetts Lowell has developed a way to capture iPad passcodes without needing any kind of on-screen cue. A camera is still required, but because the position of the lockscreen keypad is static, their software references finger movement against tablet orientation to estimate the PIN by the way it's entered.

Using Google Glass to emphasize how this could done quite inconspicuously, researchers found video from the wearable could capture a four-digit PIN from three meters away (nearly ten feet) 83 percent of the time (or over 90 percent with a little human help). Figures were similar using one of Samsung's camera-equipped smartwatches, and at the same distance, video from an iPhone 5 increased the success rate to 100 percent. Better cameras unsurprisingly produced better results, and at 44 meters (around 144 feet), a $700 camcorder and a little elevation also scored 100 percent on the test. Understanding that some might be genuinely worried about this kind of carry on, the same researchers are currently developing an Android app that randomizes the layout of the PIN-entry keypad, which they plan to release at the same time they present their work at the Black Hat USA conference in August.