ShoulderSurfing
Latest
iSpy software can read texts and steal passwords with its little eye (video)
We spy, with our bleary eye, a new piece of software that could make it dramatically easier to steal personal data. The program, known as iSpy, allows devious voyeurs to remotely identify and read text typed on touchscreen displays. That, in and of itself, isn't exactly new, but iSpy takes shoulder surfing to slightly terrifying new areas -- namely, those beyond the "shoulder." Developed by Jan-Michael Frahm and Fabian Monrose of the UNC-Chapel Hill, this program, like those before it, takes advantage of the magnified keys found on most touchscreens. All you'd have to do is point a camera at someone else's screen and iSpy will automatically record whatever he or she types by stabilizing the video footage and identifying the enlarged keys. If you're using a smartphone camera, you'll be able to eavesdrop from up to three meters away, but if you opt for a more heavy duty DSLR device, you could steal passwords from up to 60 meters away. The software can also recognize any words typed into a device, and, according to its architects, can identify letters with greater than 90 percent accuracy. When used with a DSLR camera, iSpy can even pick up on reflections of touchscreens in sunglasses or window panes from up to 12 meters away. To avoid this, Frahm and Monrose recommend disabling the magnified key function on your smartphone, or using some sort of screen shield. We recommend checking out a video of the program, after the break.
Stanford's EyePassword helps fight "shoulder-surfing" at the ATM
Gaze-based password entry might sound like a chore -- and we can't say we find the fact of aligning our eyes with an on-screen ATM keyboard all that practical -- but if it means we can finally avoid that awkward moment at the cash machine where we block the keypad view from that shifty-looking sixth grader standing next to us, it just might be worth it. Stanford University has folks working on just such a solution to the dreaded "shoulder-surfing" at ATMs, and has come up with EyePassword. They're testing some systems that track your eyeballs in a variety of ways to perform PIN input, and while the resulting study shows that input times are slowed a little, the system does indeed make "eavesdropping by a malicious observer largely impractical." Of course, there's no telling when something like this will hit your neighborhood deli.[Via New Scientist]
