Latest in Blackhat

Image credit:

Researchers crack iPad PINs by tracking the fingers that enter them

45 Shares
Share
Tweet
Share
Save

Sponsored Links

What's the easiest way to find out someone's password? Watch them enter it, of course, using the simple hacking technique known as shoulder surfing. Cameras and software have successfully been used by researchers to automate and improve the accuracy of snooping on smartphone users with such observational methods, but they require a direct line-of-sight to work. Now, as Wired reports, a group at the University of Massachusetts Lowell has developed a way to capture iPad passcodes without needing any kind of on-screen cue. A camera is still required, but because the position of the lockscreen keypad is static, their software references finger movement against tablet orientation to estimate the PIN by the way it's entered.

Using Google Glass to emphasize how this could done quite inconspicuously, researchers found video from the wearable could capture a four-digit PIN from three meters away (nearly ten feet) 83 percent of the time (or over 90 percent with a little human help). Figures were similar using one of Samsung's camera-equipped smartwatches, and at the same distance, video from an iPhone 5 increased the success rate to 100 percent. Better cameras unsurprisingly produced better results, and at 44 meters (around 144 feet), a $700 camcorder and a little elevation also scored 100 percent on the test. Understanding that some might be genuinely worried about this kind of carry on, the same researchers are currently developing an Android app that randomizes the layout of the PIN-entry keypad, which they plan to release at the same time they present their work at the Black Hat USA conference in August.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
45 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
FCC creates two 'innovation zones' to test next-gen wireless

FCC creates two 'innovation zones' to test next-gen wireless

View
‘Call of Duty’ comes to mobile on October 1st

‘Call of Duty’ comes to mobile on October 1st

View
AT&T reportedly considers offloading its DirecTV satellite unit

AT&T reportedly considers offloading its DirecTV satellite unit

View
T-Mobile’s Sprint merger is opposed by 18 state attorneys general

T-Mobile’s Sprint merger is opposed by 18 state attorneys general

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr