Go Back   MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Jun 25, 2014, 10:10 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Demo of iPad Passcode Theft via Google Glass Highlights Benefits of Touch ID




Looking over a nearby person's shoulder is a common technique used to steal a PIN code for a device that is targeted for imminent theft. But as reported by Wired, a research team from the University of Massachusetts Lowell has taken this shoulder surfing trick to a whole new level by increasing the working distance and automating the process using Google Glass and other similar camera-equipped, mobile products.

The UMass Lowell researchers improved passcode theft by analyzing video captured from wearable and mobile devices such as Google Glass, the Samsung Gear smartwatch and the iPhone. The system anlyzes the incoming video using a custom video recognition algorithm that detects the shadows from finger taps and uses that information to predict PINs codes. Unlike the standard over-the-shoulder method that requires a direct view of the target device's display, the UMass method also can be employed at an indirect angle, allowing someone to steal a password while standing at your side.

UMass researchers capturing PIN codes using Google Glass
(Image from Cyber Forensics Laboratory at University of Massachusetts Lowell)
The system is surprisingly accurate -- allowing a malicious user to capture PIN codes inconspicuously with at least 83 percent accuracy from a distance as far as three meters. This accuracy was improved to more than 90 percent when a sharper camera such as the iPhone was used or manual error correction by the researchers was added to the video analysis.
Quote:
"I think of this as a kind of alert about Google Glass, smartwatches, all these devices," says Xinwen Fu, a computer science professor at UMass Lowell who plans to present the findings with his students at the Black Hat security conference in August. "If someone can take a video of you typing on the screen, you lose everything."
The researchers didn't test longer passwords, but believe they could reach an accuracy rate of 78 percent when stealing an 8-digit password from a device such as the iPad. If you are concerned about password hacking, your best line of defense is to cover your display as you type or when possible do away with a PIN code entirely such as by using the Touch ID fingerprint in the iPhone 5s.

With the results of this study, the researchers hope to convince mobile operating system companies to improve the security of their PIN input screens by taking steps such as randomizing the layout of the keypad.

Apple's Touch ID fingerprint authentication is of course another alternative to traditional passcodes. The feature launched on the iPhone 5s last year and is expected to make its way to the iPad and iPad mini later this year. Aside from increased security compared to passcodes, Touch ID has also increased usage of security features, with Apple noting during its WWDC presentation earlier this month that passcode/Touch ID usage has risen to 83% on the iPhone 5s, up from just 49% passcode usage previously.

Article Link: Demo of iPad Passcode Theft via Google Glass Highlights Benefits of Touch ID
MacRumors is offline   0 Reply With Quote
Old Jun 25, 2014, 10:14 AM   #2
Bearxor
macrumors 6502
 
Join Date: Jun 2007
Randomizing the layout of the keypad for PIN entry is a great idea.
Bearxor is offline   17 Reply With Quote
Old Jun 25, 2014, 10:19 AM   #3
spacemanspifff
macrumors regular
 
Join Date: Jan 2010
Location: SPACE
 
Hey thief - why not try this...

Couldn't these researchers be doing something more worthwhile with their time? I can't see any value in them proving that they can do this kind of thing other than highlighting the possibility of this to would be thieves.

At least Apple is a step ahead of these people with Touch ID.
spacemanspifff is offline   3 Reply With Quote
Old Jun 25, 2014, 10:21 AM   #4
dumbthought
macrumors newbie
 
Join Date: Oct 2012
Yikes!

Such a situation can become impossible to avoid in a crowded place.
dumbthought is offline   1 Reply With Quote
Old Jun 25, 2014, 10:22 AM   #5
AngerDanger
macrumors 65816
 
AngerDanger's Avatar
 
Join Date: Dec 2008
Location: doing the Dada Polka
Google presents the thief of tomorrow! And boy is he ever angsty about his social ineptitude…


Last edited by AngerDanger; Jun 25, 2014 at 04:40 PM.
AngerDanger is offline   5 Reply With Quote
Old Jun 25, 2014, 10:24 AM   #6
2010mini
macrumors 6502a
 
Join Date: Jun 2013
Quote:
Originally Posted by spacemanspifff View Post
Couldn't these researchers be doing something more worthwhile with their time? I can't see any value in them proving that they can do this kind of thing other than highlighting the possibility of this to would be thieves.

At least Apple is a step ahead of these people with Touch ID.
Highlighting security flaws is always a good thing. It helps manufactures and consumers be more aware.
2010mini is offline   12 Reply With Quote
Old Jun 25, 2014, 10:26 AM   #7
Reason077
macrumors 65816
 
Join Date: Aug 2007
Better headline:

"Google demonstrates nefarious device that enables hackers and criminals to steal your personal data."
Reason077 is offline   3 Reply With Quote
Old Jun 25, 2014, 10:29 AM   #8
Yakibomb
macrumors regular
 
Join Date: May 2014
Location: Cape Town
Quote:
Originally Posted by Bearxor View Post
Randomizing the layout of the keypad for PIN entry is a great idea.
This would be great, but I can imagine a large number of users would opt against this as it would increase the time required to login
Yakibomb is offline   3 Reply With Quote
Old Jun 25, 2014, 10:30 AM   #9
Kryckter
macrumors 6502
 
Join Date: Mar 2009
Quote:
Originally Posted by 2010mini View Post
Highlighting security flaws is always a good thing. It helps manufactures and consumers be more aware.
And it reminds me to use my touchID at all times!
__________________
iOS App Developer
Kryckter is offline   1 Reply With Quote
Old Jun 25, 2014, 10:32 AM   #10
kwokaaron
macrumors regular
 
Join Date: Sep 2013
Lesson learnt: Keep your friends close, but your devices closer.
__________________
15" Macbook Pro With Retina Display | iPhone 5 | iPad Mini With Retina Display | iPod Classic
kwokaaron is offline   8 Reply With Quote
Old Jun 25, 2014, 10:32 AM   #11
Yakibomb
macrumors regular
 
Join Date: May 2014
Location: Cape Town
Quote:
Originally Posted by spacemanspifff View Post
Couldn't these researchers be doing something more worthwhile with their time? I can't see any value in them proving that they can do this kind of thing other than highlighting the possibility of this to would be thieves.

At least Apple is a step ahead of these people with Touch ID.
I think this type of research is extremely useful. It creates greater awareness in consumers to the faults in their devices, which in turn leads to companies seeking ways to combat these flaws
Yakibomb is offline   4 Reply With Quote
Old Jun 25, 2014, 10:36 AM   #12
nerdAFK
macrumors regular
 
Join Date: Apr 2014
Quote:
Originally Posted by Bearxor View Post
Randomizing the layout of the keypad for PIN entry is a great idea.
There is indeed an exact Jailbreak tweak which does this.
__________________
Oh
Apple

nerdAFK is offline   2 Reply With Quote
Old Jun 25, 2014, 10:36 AM   #13
macduke
macrumors 68040
 
macduke's Avatar
 
Join Date: Jun 2007
Location: Columbia, MO
Quote:
Originally Posted by Bearxor View Post
Randomizing the layout of the keypad for PIN entry is a great idea.
Great in theory, terrible in practice. Many people can type their passcode without even looking, or at the least very quickly because they know the sequence. If you increase the complexity, more people will opt to not use a passcode at all.

For a pure touch-based visual input method, using a gesture would probably be the hardest to for a machine to decipher from more extreme angles and distances. Otherwise Touch ID is the best choice.

I love it when Apple solves problems before they are even problems.
__________________
15" Retina MacBook Pro / Quad 2.6GHz Core i7 / 16GB / 512GB SSD
128GB iPhone 6 Plus / 64GB iPad Mini Retina LTE / Original iPhone & iPad
Canon 7D / 24-105L / 100-400L / Sony RX100 / Xbox One
macduke is offline   5 Reply With Quote
Old Jun 25, 2014, 10:42 AM   #14
TsunamiTheClown
macrumors 6502
 
Join Date: Apr 2011
Location: On the verge
Her eyes are even closed for style.
__________________
hi there
TsunamiTheClown is offline   0 Reply With Quote
Old Jun 25, 2014, 10:50 AM   #15
zelman
macrumors member
 
Join Date: Jan 2004
Quote:
Originally Posted by nerdAFK View Post
There is indeed an exact Jailbreak tweak which does this.
There's also one that makes your pin the current time. I think that's even better. A password that changes every minute!
zelman is offline   0 Reply With Quote
Old Jun 25, 2014, 10:55 AM   #16
troop231
macrumors 601
 
troop231's Avatar
 
Join Date: Jan 2010
Someone with Google Glass on in a public restroom is asking for trouble, even if they're not 'using' it.
troop231 is offline   1 Reply With Quote
Old Jun 25, 2014, 10:56 AM   #17
UncleSchnitty
macrumors 6502a
 
UncleSchnitty's Avatar
 
Join Date: Oct 2007
What a terrible picture to prove a point. I think its safe to say that I would know who stole my device, and I don't pull my fingers 3 inches away with each button press while my device is on a table. hah. I get the point but if someone is starring at you while you type your password hold your device close, especially if they have their eyes closed as if to say "see Im not looking"

Also watch out for this guy:
__________________
MacPro OctaCore 3.2GHz, 26GB Ram, 250GB Samsung 840 Evo + 160GB Kingston SSD + 3TB HD, 30" Cinema Display; MacBook Air i5;4GB;120SSD; 32GB Wifi iPad Air; 64Gb iPhone 6+; Nexus 7 Wifi 32GB

Last edited by UncleSchnitty; Jun 25, 2014 at 11:08 AM.
UncleSchnitty is offline   2 Reply With Quote
Old Jun 25, 2014, 11:00 AM   #18
gotluck
macrumors 68040
 
gotluck's Avatar
 
Join Date: Dec 2011
Location: East Central Florida
Quote:
Originally Posted by macduke View Post

I love it when Apple solves problems before they are even problems.
This has always been a problem though. Many times you can tell based on fingerprints on the screen or even a regular camera. Glass is just easier way to snoop
gotluck is offline   2 Reply With Quote
Old Jun 25, 2014, 11:06 AM   #19
H2SO4
macrumors 65816
 
Join Date: Nov 2008
I always thought this about CCTV near Chip&Pin pads in supermarkets.
__________________
MP1,1. 30"ACD. 11GB
H2SO4 is offline   1 Reply With Quote
Old Jun 25, 2014, 11:08 AM   #20
Alenore
macrumors regular
 
Join Date: Apr 2013
You mean what people used to do years ago with their cellphone camera to play prank at school? Wow.
Alenore is offline   2 Reply With Quote
Old Jun 25, 2014, 11:12 AM   #21
John.B
macrumors 68040
 
Join Date: Jan 2008
Location: Flyover Country
Don't worry about your iOS passcodes, worry about your credit card PINs. The new chip-and-PIN standard coming to the US puts all responsibility for unauthorized purchases on the cardholder, and this underscores how easy it is for a thief to learn your PIN.
__________________
Apple develops an improved programming language. Google copied Java. Everything you need to know, right there.
MD388LL/A MG632LL/A ME344LL/A MD199LL/A MC572LL/A MD481LL/A FB463LL/A FC060LL/A
John.B is offline   2 Reply With Quote
Old Jun 25, 2014, 11:15 AM   #22
BenTrovato
macrumors 6502a
 
BenTrovato's Avatar
 
Join Date: Jun 2012
Location: Toronto
Wait until Google Glass gets a little fancier.. they'll be stealing a lot more than Passwords.

Inventing something like Touch ID is mandatory unfortunately (or fortunately). Once they develop algorithms they'll be able track people. If you walk to work everyday, G Glass can pick out what people do. For example, if G Glass picks out a man who always stops at Starbucks at 850am. You know he's not home at that time. You know he's about to make a transaction. He may be on social media at that time. Lots of data, becomes a target for theft.

When normal people have access to AI algorithms, how we operate in the world will have to change. Touch ID is only the beginning.
BenTrovato is offline   4 Reply With Quote
Old Jun 25, 2014, 11:16 AM   #23
doelcm82
macrumors 6502a
 
Join Date: Feb 2012
Location: Texas, USA
Quote:
Originally Posted by Yakibomb View Post
This would be great, but I can imagine a large number of users would opt against this as it would increase the time required to login
Randomizing the positions of the numbers is an interesting idea. But it's not a good one for the reason you stated. The biometric approach (TouchID) is a better idea.

Making it harder to unlock your device = Fewer users locking their devices.
Making it easier to unlock your device = More users locking their devices.

Also, anyone who could see your screen when it asks for your unlock code would also see the key layout. Especially since you would enter your unlock code hesitantly.
doelcm82 is offline   3 Reply With Quote
Old Jun 25, 2014, 11:18 AM   #24
H2SO4
macrumors 65816
 
Join Date: Nov 2008
Quote:
Originally Posted by John.B View Post
Don't worry about your iOS passcodes, worry about your credit card PINs. The new chip-and-PIN standard coming to the US puts all responsibility for unauthorized purchases on the cardholder, and this underscores how easy it is for a thief to learn your PIN.
I made a statement about this earlier. It doesn’t seem to have been an issue at all over here in the Uk.
__________________
MP1,1. 30"ACD. 11GB
H2SO4 is offline   1 Reply With Quote
Old Jun 25, 2014, 11:19 AM   #25
John.B
macrumors 68040
 
Join Date: Jan 2008
Location: Flyover Country
Quote:
Originally Posted by macduke View Post
Great in theory, terrible in practice. Many people can type their passcode without even looking, or at the least very quickly because they know the sequence. If you increase the complexity, more people will opt to not use a passcode at all.

For a pure touch-based visual input method, using a gesture would probably be the hardest to for a machine to decipher from more extreme angles and distances. Otherwise Touch ID is the best choice.
The swype-style gesture unlock codes are probably the easiest for someone looking over your shoulder to remember.

IMO, Touch ID makes it easier to have a more complex passcode, because you only need to use it under certain circumstances (i.e. after a restart).
__________________
Apple develops an improved programming language. Google copied Java. Everything you need to know, right there.
MD388LL/A MG632LL/A ME344LL/A MD199LL/A MC572LL/A MD481LL/A FB463LL/A FC060LL/A
John.B is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Forum Jump

All times are GMT -5. The time now is 01:05 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC