Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researchers Develop New Way To Steal Passwords Using Google Glass

samzenpus posted about three weeks ago | from the let's-see-what-you-typed-there dept.

Google 116

mpicpp writes with a story about researchers who have developed a way to steal passwords using video-capturing devices.Cyber forensics experts at the University of Massachusetts in Lowell have developed a way to steal passwords entered on a smartphone or tablet using video from Google's face-mounted gadget and other video-capturing devices. The thief can be nearly ten feet away and doesn't even need to be able to read the screen — meaning glare is not an antidote. The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode. They tested the algorithm on passwords entered on an Apple iPad, Google's Nexus 7 tablet, and an iPhone 5.

cancel ×

116 comments

Sorry! There are no comments related to the filter you selected.

It works (-1)

Anonymous Coward | about three weeks ago | (#47403085)

...Starbucks tested.

That does it (2, Insightful)

cheesybagel (670288) | about three weeks ago | (#47403087)

Time to trademark a 'No Glass Allowed' symbol.

Re:That does it (0)

Anonymous Coward | about three weeks ago | (#47403149)

Time to trademark a 'No Glass Allowed' symbol.

Oh, good idea. That will only leave all of the "other video-capturing devices" that are mentioned RIGHT IN THE FUCKING SUMMARY. You're such a genius.

Re:That does it (5, Funny)

swillden (191260) | about three weeks ago | (#47403319)

Time to trademark a 'No Glass Allowed' symbol.

Better make it "No Cameras Allowed". Which, incidentally, also means "No Smartphones or Tablets Allowed", since they all have cameras... which would actually eliminate the risk of passwords being stolen as they're entered into a smartphone or tablet, since no smartphones or tablets are allowed. Problem solved!

Re:That does it (-1)

Anonymous Coward | about three weeks ago | (#47403851)

Better make it "No Cameras Allowed". Which, incidentally, also means "No Smartphones or Tablets Allowed", since they all have cameras... which would actually eliminate the risk of passwords being stolen as they're entered into a smartphone or tablet, since no smartphones or tablets are allowed. Problem solved!

Shut up, glasshole.

Re:That does it (2)

swillden (191260) | about three weeks ago | (#47404297)

Better make it "No Cameras Allowed". Which, incidentally, also means "No Smartphones or Tablets Allowed", since they all have cameras... which would actually eliminate the risk of passwords being stolen as they're entered into a smartphone or tablet, since no smartphones or tablets are allowed. Problem solved!

Shut up, glasshole.

Jealous, much? Actually, I don't have Google Glass... but I'm hoping to get one for Christmas this year. Neener neener!

Re:That does it (2)

rtb61 (674572) | about three weeks ago | (#47406327)

Of course if you are entering a password whilst using an augmented reality device only you can see what you are doing and why you are doing it. So only way to defeat all those countless surveillance cameras http://www.telegraph.co.uk/tec... [telegraph.co.uk] , http://www.nbcnews.com/id/4416... [nbcnews.com] . Perhaps google glass isn't the problem perhaps the problem already exists.

Re:That does it (2)

meerling (1487879) | about three weeks ago | (#47404425)

Funny thing that, it's mostly people without the google glass that are acting like the last 7 letters of your post.

Re:That does it (0)

Anonymous Coward | about three weeks ago | (#47405039)

I'm not the original poster.

I could easily afford a pair of Google Glasses; I wouldn't even feel the $1,500 expense. But I still detest them.

Now: how am I jealous ?

Re:That does it (0)

Anonymous Coward | about three weeks ago | (#47403821)

Time to patten the laptop keyboard password protector

Re:That does it (1)

drkim (1559875) | about three weeks ago | (#47405261)

Time to patten the laptop keyboard password protector

Or just go with a fingerprint reader.

Re:That does it (1)

mindwhip (894744) | about three weeks ago | (#47405415)

Yeah because its so easy to change next time [popular web service] has a security breach and your fingerprint is in the hands of criminals.

Re:That does it (0)

Anonymous Coward | about three weeks ago | (#47406177)

Use a different finger for each website...

And when you run out of fingers, use...amm...other people's fingers.

Re:That does it (1)

mrsquid0 (1335303) | about three weeks ago | (#47404091)

These glassholes who whine about Google Glass are not very bright.

Re:That does it (2)

meerling (1487879) | about three weeks ago | (#47404409)

This has nothing to do with google glass, other than a headline whore trying to hype his article.
Any video capture device, like every smartphone, security camera, and other form of video camera on the planet can be used for this.

Re:That does it (0)

Carewolf (581105) | about three weeks ago | (#47405653)

Yeah if you had it on all the time and mounted on your face. Oh wait, that is just Google glass.

Re:That does it (1)

pantaril (1624521) | about three weeks ago | (#47405757)

Yeah if you had it on all the time and mounted on your face.

There are no such requirements for this method of password stealing to work.

Re:That does it (0)

Anonymous Coward | about three weeks ago | (#47406201)

Thing is, you're standing in a supermarket checkout counter... if say someone 3 customers down the line is carrying a camera, you *might* be concerned about typing your debit card pin at the checkout counter... on the other hand, if they're wearing one of those fashionable google glass frames, you probably wouldn't even notice they're recording you enter the debit card pin...and might notice them subsequently mugging you right outside the store to get physical possession of the card.

It works!! (-1)

Anonymous Coward | about three weeks ago | (#47403095)

Starbucks tested....

Watching them enter the passcode. (5, Funny)

Anonymous Coward | about three weeks ago | (#47403105)

TLDR - Researchers steal passwords by watching them being entered.

This is why genital recognition is needed. (2, Funny)

Anonymous Coward | about three weeks ago | (#47403235)

The fact that the device is out in the open when the password is entered is the problem here.

There's one technology that solves this problem, and that technology is genital recognition. It works like a password, but it depends on the unique pattern exhibited by each individual's genitalia.

When a password needs to be entered, the user puts the phone down his or her pants/skirt/dress/whatever, and presses the screen against his or her genitalia. The pattern is then analyzed and compared against known data points modeling the genitalia. If there is a match, then the authentication succeeds. If there is not a match, then the authentication fails.

The important thing to remember is that the authentication happens in a secure area: within one's underwear. This helps prevent observers from deducing the password based on visible effects such as shadows and reflections.

Re:This is why genital recognition is needed. (1)

mythosaz (572040) | about three weeks ago | (#47403259)

My previous system relied on a specially designed bicycle seat; but if you can do it with a capacitive screen phone, that's probably a patent-able improvement.

Re:This is why genital recognition is needed. (0)

Anonymous Coward | about three weeks ago | (#47403435)

Bicycle seats do not make contact with one's genitals, regardless of gender. They do, however make full contact with one's anus. What confuses me about your device is why you consider it to be an example of genital recognition. The anus is not a genital, even if it is occasionally used as an orifice for intercourse! One's mouth or nostrils are not considered genitals, nor is one's anus. Your device is, at best, a tool of deviancy and perversion. It is not an example of genital recognition technology.

Re:This is why genital recognition is needed. (2)

FatdogHaiku (978357) | about three weeks ago | (#47403623)

Bicycle seats do not make contact with one's genitals, regardless of gender.

You would think that but:
https://www.google.com/search?q=World+Naked+Bike+Ride&num=30&newwindow=1&safe=off&source=lnms&tbm=isch&sa=X&ei=xSK7U_LMO8n0oATDrYKgDw&ved=0CAgQ_AUoAQ&biw=961&bih=460 [google.com]

There is not a can of lysol or bottle of purell to be had in that city on the day after the event...

Re:This is why genital recognition is needed. (0)

Anonymous Coward | about three weeks ago | (#47404455)

I wonder if bike share programs lock their products on those days,

Re:This is why genital recognition is needed. (0)

Anonymous Coward | about three weeks ago | (#47403345)

But I have a boner right now and I can't unlock my iPad....

Re:This is why genital recognition is needed. (1)

Anonymous Coward | about three weeks ago | (#47403401)

Have you tried? The resolution of the digitizer should be able to detect very small inputs. Maybe you have defective unit?

I just might do this (1)

raymorris (2726007) | about three weeks ago | (#47403837)

I'm churning this over in my head to see if it sparks an idea that might actually be practical. My last major security-related software project was based on gender recognition, so this isn't too far off. Regarding my last project - captchas suck. People aren't much better than computers at recognizing squiggly letters. We are, however, REALLY good at spotting hot chicks.

Re:I just might do this (0)

Anonymous Coward | about three weeks ago | (#47404471)

Apparently these days gender is different to the bits between your legs.

Re:This is why genital recognition is needed. (1)

cameloid (120654) | about three weeks ago | (#47403845)

This is a most excellent idea. However, a method may be developed to circumcise this process by implementing "bulge recognition" software.

Re:This is why genital recognition is needed. (1)

easyTree (1042254) | about three weeks ago | (#47404117)

There's one technology that solves this problem, and that technology is genital recognition.

Presumably this involves some kind of nano-sensor for you? :P

Re:Watching them enter the passcode. (0)

Anonymous Coward | about three weeks ago | (#47403311)

And then wrote some cracking software for the "password-file" they recorded. Yeah, well, looking over someones shoulder to catch the password is not exactly novel (including guessing parts of the password from "whereabouts the hands are"). automating it with video and post-processing to get the password is just a logical extension if you are meaning to do bad. most people would consider this perfectly doable but would never do it because it servers no good purpose.

Re:Watching them enter the passcode. (1)

Mikkeles (698461) | about three weeks ago | (#47403605)

How well does this work for randomized keypad layouts?

Re:Watching them enter the passcode. (0)

Anonymous Coward | about three weeks ago | (#47403883)

How well does this work for randomized keypad layouts?

Axrgy ao ,.nn ao a Ekrpat t.fxrape S[L

Re:Watching them enter the passcode. (0)

Anonymous Coward | about three weeks ago | (#47403925)

TLDR - Researchers steal passwords by watching them being entered.

Solution: EVERYBODY PANIC!

Thats why I type my password in with my (0)

Anonymous Coward | about three weeks ago | (#47403121)

tongue. Thee thee thee ohw thoo ohw non.

I've always thought (4, Interesting)

Registered Coward v2 (447531) | about three weeks ago | (#47403125)

electronic keypads should randomize the numeric order and that the device should not mirror the letter typed on the inout line or on the keypad.

Re:I've always thought (1)

pixelpusher220 (529617) | about three weeks ago | (#47403135)

Indeed they should. but can you imagine the number of password/pin resets the average Joe would then generate?

Re:I've always thought (3, Insightful)

Wootery (1087023) | about three weeks ago | (#47403225)

That's why you'd have it opt-in. Let the security-conscious lead the way.

Re:I've always thought (2)

cameloid (120654) | about three weeks ago | (#47403853)

If you let muppets choose, then that's where it usually falls apart.

Re:I've always thought (0)

Anonymous Coward | about three weeks ago | (#47403209)

There are many security pads that do indeed do this, but you generally only find them in secured facilities that are rated to handle higher clearances.

Re:I've always thought (1)

bhcompy (1877290) | about three weeks ago | (#47404395)

Android can do this.

Re:I've always thought (1)

Herve5 (879674) | about three weeks ago | (#47405487)

not always just in highly secure facilities.
In France the bank associated to the national post office -one you wouldn't expect recruiting geniuses- does present such a variable keypad when you want to access your account, and even more: you must move the mouse over each digit without clicking, basically following a path (a bit like on some phone unlock interfaces) but one that is different each time...

Re:I've always thought (2)

ArcadeMan (2766669) | about three weeks ago | (#47403257)

Being able to customize the keyboard based on the current input required is one of the best feature of virtual keyboards. I thought everyone would be randomizing the keyboard for the "password" field by now.

Re:I've always thought (1)

vux984 (928602) | about three weeks ago | (#47403349)

I thought everyone would be randomizing the keyboard for the "password" field by now.

You thought everyone would want to be reduced to the level of "hunt and peck" they were at the very first the time they saw a keyboard EVERY single time they needed to enter a password?

And what does it get you as a defense vs "google glass attack"? Well, not only do they have to see you enter the password from some oblique angle but for one instant during entry or before they need to see your 'one time virtual keyboard' or at least enough of it make the password search space small enough... ie they have to walk by you while your entering your password and glance over.

Random virtual keyboard defeated by a one second glance.

Thousands of hours of your time wasted playing hunt and peck on a new virtual keyboard every time you want to send an email.

Re:I've always thought (0)

Anonymous Coward | about three weeks ago | (#47404335)

You thought everyone would want to be reduced to the level of "hunt and peck" they were at the very first the time they saw a keyboard EVERY single time they needed to enter a password?

How hard is it to type "12345" on a randomized keyboard?

Re:I've always thought (1)

ArcadeMan (2766669) | about three weeks ago | (#47404769)

1,2,3,4,5? That's amazing, I got the same combination on... aw, forget it.

Re:I've always thought (0)

Anonymous Coward | about three weeks ago | (#47404851)

I thought everyone would be randomizing the keyboard for the "password" field by now.

You thought everyone would want to be reduced to the level of "hunt and peck" they were at the very first the time they saw a keyboard EVERY single time they needed to enter a password?

And what does it get you as a defense vs "google glass attack"? Well, not only do they have to see you enter the password from some oblique angle but for one instant during entry or before they need to see your 'one time virtual keyboard' or at least enough of it make the password search space small enough... ie they have to walk by you while your entering your password and glance over.

Random virtual keyboard defeated by a one second glance.

Thousands of hours of your time wasted playing hunt and peck on a new virtual keyboard every time you want to send an email.

Runescape has a randomised keypad for entering their bank pins. The numbers shift on every entry, thus (in theory) beating attempts to gain the pin using the location of the button. The number on the button disappears once the cursor has entered the area which makes it more difficult again to know what the number is (you could read the other numbers to guess the number though).

Re:I've always thought (1)

vux984 (928602) | about three weeks ago | (#47403301)

Some do.

But they are a pain to use, since most of us do password entry with some muscle memory, and on a smart phone nobody which one opens and unlocks 100 times a day nobody is going to want to have to exert that much effort.

Re:I've always thought (1)

Mal-2 (675116) | about three weeks ago | (#47405369)

If you're doing it by muscle memory, you can do it with your hand covered. Problem solved.

Re:I've always thought (0)

Anonymous Coward | about three weeks ago | (#47403333)

If thery catch the input on video, then it does not matter if it shows you pressing the 1 on a "1 2 3" or a "8 1 5" layout row. still shows the digit entered as a 1.

WildStar does this (1)

cirby (2599) | about three weeks ago | (#47403381)

The MMO WildStar uses a randomized keypad for their two-factor authenticator input.

After a while, you get pretty good at it.

Re:WildStar does this (1)

Buzer (809214) | about three weeks ago | (#47405527)

That's horrible use case. It really should not matter if the hacker can get your used one time token after you have entered it. Of course, it's bigger deal if they are not actually one time tokens like in Wildstar (you can use the token until it expires), but that should be fixed by making them one time tokens.

Oh yeah, and their reasoning was that it would protect users against drive-by Javascript keylogger [wildstar-online.com] (on desktop client).

Re:I've always thought (1)

Charliemopps (1157495) | about three weeks ago | (#47403387)

electronic keypads should randomize the numeric order and that the device should not mirror the letter typed on the inout line or on the keypad.

OR... you could just walk around as you type throwing off their algorithm and not introduce another overly complicated and insanely annoying security feature that would simply push people into not securing their devices at all.

Re:I've always thought (1)

jittles (1613415) | about three weeks ago | (#47403833)

electronic keypads should randomize the numeric order and that the device should not mirror the letter typed on the inout line or on the keypad.

I used to work at a secure facility with a keypad like this. It was the first stage to getting into the building. You would hit a button and the digits would randomize. I eventually got to the point where I could look at the pad and input my 6 digit code within about 2 seconds. It took me about 2-3 weeks to get that down pat. After that, I would only mess up about once or twice a month.

Re:I've always thought (1)

LinuxIsGarbage (1658307) | about three weeks ago | (#47404143)

The spare parts stores at our manufacturing plant uses a keypad like this too.

Re:I've always thought (1)

NotInHere (3654617) | about three weeks ago | (#47405797)

I can only agree when you have a keypad that only has one code (one user), and you use it daily. Otherwise the used keys get worn out, which can help possible intruders. For a 4 digit PIN you will have 4!=24 possibilities instead of 10^4=10000, and even less when one digit occurs twice.

And again, Windows Phone unaffected (0)

Anonymous Coward | about three weeks ago | (#47403131)

Because, after all,

You cannot capture what does not exist!

Google Glass only? (4, Insightful)

tomhath (637240) | about three weeks ago | (#47403159)

I suppose you can be more subtle about it, but really any video cam would work just as well. Especially if you set it up near a place where people will be typing a useful password instead of loitering and staring at people.

Re:Google Glass only? (3, Informative)

oodaloop (1229816) | about three weeks ago | (#47403247)

I know, I must be new here and everything, but it does in the first sentence of the fantastic summary, "and other video-capturing devices".

Re:Google Glass only? (1)

I'm New Around Here (1154723) | about three weeks ago | (#47404925)

Stop stealing my name, please. :^P

Re:Google Glass only? (1)

amicusNYCL (1538833) | about three weeks ago | (#47403415)

And why limit it to just passwords? There's a whole onscreen keyboard there to be watched.

Re:Google Glass only? (1)

Carewolf (581105) | about three weeks ago | (#47405661)

Try taking a handheld camera and hold it at people who are typing their phone or ATM pincode and see what happens... (Warning damage yo your face may occur). The problem is that you can't pretend it is off like you can with a google glass.

Cover your input (4, Insightful)

briancox2 (2417470) | about three weeks ago | (#47403163)

For the last couple of years I have been completely covering any input I give to a phone unlock or ATM PIN given. With cameras everywhere, this was only a matter of time.

Re:Cover your input (3, Funny)

Hamsterdan (815291) | about three weeks ago | (#47403505)

Damn you! When I tried to cover my hand with the other one, my phone dropped to the floor...

Re:Cover your input (1)

briancox2 (2417470) | about three weeks ago | (#47404575)

I never said it was easy. =)

Re:Cover your input (1)

I'm New Around Here (1154723) | about three weeks ago | (#47404931)

So, what? You approach well endowed women of the appropriate height, say "Excuse me for a second", and place your phone on their voluminous cleavage, freeing both hands for securely entering your password?

That's ingenious!

Even better... (0)

Anonymous Coward | about three weeks ago | (#47403175)

It would be a lot easier if the typing was done on a device where the letters were sticking out from the "screen" so this software could make out what letters were being touched more easily and accurately. I'll call this device a "key-board"! Oh, the security problems we'd have with such a device.

Sensationalistic title and duh! (5, Insightful)

pr0t0 (216378) | about three weeks ago | (#47403177)

As the video points out, this is not limited to Google Glass, any video capturing device will work. But beyond that, this is really kind of obvious. Yeah, video recording someone entering their password on a touch device will give you a fairly accurate idea of what that password is. Record, playback at 1/4 speed, password. I would bet that security camera footage might even be better to work with due to the angle. The custom software I suppose is a nice achievement, but I would guess it's not all that necessary.

Re:Sensationalistic title and duh! (1)

tlhIngan (30335) | about three weeks ago | (#47403307)

As the video points out, this is not limited to Google Glass, any video capturing device will work. But beyond that, this is really kind of obvious. Yeah, video recording someone entering their password on a touch device will give you a fairly accurate idea of what that password is. Record, playback at 1/4 speed, password. I would bet that security camera footage might even be better to work with due to the angle. The custom software I suppose is a nice achievement, but I would guess it's not all that necessary.

Except with Glass it's easier to do it by casually looking in the direction of the person. I'm fairly certain if someone has their smartphone or camcorder pointed in your direction steadily it's a little more obvious than someone just looking past you who happens to be wearing Glass.

Re:Sensationalistic title and duh! (1)

kqs (1038910) | about three weeks ago | (#47403403)

Seems rather the opposite. We're very good at noticing when someone is looking at us (a leftover from being prey I suspect), but I always see people standing, holding their phone angled slightly (pointed nicely at any laptops at nearby tables). Add a fake game screen while the camera runs for extra stealth.

Re:Sensationalistic title and duh! (1)

unrtst (777550) | about three weeks ago | (#47403473)

Except with Glass it's easier to do it by casually looking in the direction of the person. I'm fairly certain if someone has their smartphone or camcorder pointed in your direction steadily it's a little more obvious than someone just looking past you who happens to be wearing Glass.

Except with every other inexpensive video only device on market, and especially those designed for the task, it is even easier and more stealthy than Glass.
Ex. http://www.newegg.com/Camcorde... [newegg.com]
Those start around $10.
For $45 you can get a pair of sunglasses that look very much like average sunglasses and have a 720p video recorder. http://www.newegg.com/Product/... [newegg.com] ... and I'm sure all those and more can be found cheaper elsewhere.

This is not a Google Glass hack in any way, shape, or form. It would not surprise me at all if there were more people with "spy" glasses like those above than there are Google Glass owners, and those with "spy" glasses are MUCH more likely to be trying to hide their actions (Glass isn't exactly normal looking).

Re:Sensationalistic title and duh! (2)

DraugTheWhopper (3525837) | about three weeks ago | (#47403357)

In other news, professional behavioral psychologists teach a new dog old tricks.

http://blogs.mcafee.com/consumer/smartphone-pin-codes

http://www.syssec.rub.de/media/emma/veroeffentlichungen/2014/06/30/GraphNeighbors-Sicherheit14.pdf

Re:Sensationalistic title and duh! (3, Funny)

Sperbels (1008585) | about three weeks ago | (#47403697)

Don't interrupt the Glass hating. Glass is evil. Look at all these new avenues of terrorism it makes available to the common man.

Re:Sensationalistic title and duh! (-1)

Anonymous Coward | about three weeks ago | (#47403885)

Glass might not be evil but the kind of people who want them are faggot bitches who'll hopefully have them knocked off their face with a claw hammer.

Re:Sensationalistic title and duh! (0)

Anonymous Coward | about three weeks ago | (#47404037)

I realize you're disappointed that your mom wouldn't buy you the Glass you wanted for your birthday, but you need to find a more mature way to deal with it.

not Sensationalistic (0)

Anonymous Coward | about three weeks ago | (#47405813)

The reason google glass is panned more than any other device like mobile phone, is because google glass is damn more discrete at filming whereas holding a mobile phone is far more obvious in most cases.

cant break all (0)

Anonymous Coward | about three weeks ago | (#47403187)

Well I know this wouldn't be able to break iPhone fingerprint sensor or black berry's picture password.

Re:cant break all (0)

peragrin (659227) | about three weeks ago | (#47403383)

nope but Gummy bears can fool the iPhone sensor. even better the smooth surfaces provide several finger prints to pull from.

Re:cant break all (0)

Anonymous Coward | about three weeks ago | (#47403423)

No, but a $5 wrench does that if you need it bad enough. (faking fignerprints is not exactly difficult for most cases, the biggest issue is getting a good print to make it from)

Re:cant break all (1)

Qzukk (229616) | about three weeks ago | (#47403451)

this wouldn't be able to break iPhone fingerprint sensor

a $5 wrench does that if you need it bad enough...the biggest issue is getting a good print to make it from

"Here, hold this wrench a second"

s/Google Glass/a camera. (1)

Anonymous Coward | about three weeks ago | (#47403265)

FFS this was quite interesting enough without turning it into yet another fucking "completely different because it's done with Glass/3D printer" story.

not even reading the summary? (0)

Anonymous Coward | about three weeks ago | (#47403273)

I see none of the initial comments even read the summary. They skipped this part entirely:

The thief can be nearly ten feet away and doesn't even need to be able to read the screen — meaning glare is not an antidote. The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode. They tested the algorithm on passwords entered on an Apple iPad, Google's Nexus 7 tablet, and an iPhone 5.

Re:not even reading the summary? (0)

Anonymous Coward | about three weeks ago | (#47403361)

I can't read, I'm not a loser.

Re:not even reading the summary? (0)

Anonymous Coward | about three weeks ago | (#47404477)

It's still seeing the screen, just not what's on the screen.

News Flash! (1)

phizi0n (1237812) | about three weeks ago | (#47403375)

This just in, video cameras can record you entering passwords, more at 11.

No, don't say a word. (0)

Impy the Impiuos Imp (442658) | about three weeks ago | (#47403385)

Based on the buff pattern of his hand, he jerks off lefty. Flushing suggests approximately 6.5 hours ago. Computer estimates from wear pattern thinking of one Taylor Swift, body part: nose and upper lip.

It's on its way, people.

Re:No, don't say a word. (1)

I'm New Around Here (1154723) | about three weeks ago | (#47404965)

Based on the buff pattern of his hand, he jerks off lefty.

He needs better lube.

Foiled By Password Safes (1)

Dr. Eggman (932300) | about three weeks ago | (#47403453)

"I don't get it, almost all his passwords should be Shift+v! Why isn't this working?"

"Read out says CTRL+v, boss."

"Don't be stupid! It has to be Shift!"

Let me fix that for you (3, Insightful)

bl968 (190792) | about three weeks ago | (#47403671)

Researchers Develop New Way To Steal Passwords Using a video camera

Easy... (1)

viperidaenz (2515578) | about three weeks ago | (#47403693)

Change your on-screen keyboard layout. Then they'll need to see the screen to figure out what letter is at each position.

God Bless America (0)

Anonymous Coward | about three weeks ago | (#47403979)

If this modern United States government had half the balls of the founding fathers, characterwise, they would outlaw these glasses and make it a crime to spy.

Who would hae thought? (1)

nurb432 (527695) | about three weeks ago | (#47403997)

That you can capture passwords with a camera.

WTF .. This place is really gone to the dumps..

TOTC (1)

easyTree (1042254) | about three weeks ago | (#47404127)

Is this the "think of the children" glass-killer ?

Google - R u listening (1)

HarishBali (3729049) | about three weeks ago | (#47404573)

Google must find a solution before it gets popular among hacking community and some people suffer.

Researchers ? (1)

hanzoach (633415) | about three weeks ago | (#47405339)

So.. does it mean they won't need research grants anymore ?

why? (0)

Anonymous Coward | about three weeks ago | (#47405541)

I'm all for security researchers finding flaws and whatnot, but this seems way over the top. What thief would have been capable of developing an algorithm this sophisticated? Seems like all they've done is build a new tool for thieves, which would probably not have otherwise existed, and has basically no legitimate use. So why do it? Am I underestimating the sophistication of thieves these days?

HD security cameras (0)

Anonymous Coward | about three weeks ago | (#47405853)

Well high def security cameras should be able to pick it all up.

It seems so simple... (1)

mark_reh (2015546) | about three weeks ago | (#47406141)

Why doesn't someone just modify the snippet of code in the OS that displays the touch keys on the phone/tablet screen to place them in a new random order each time you unlock the device so that when you enter the PIN to unlock the device you never use the same finger placement pattern twice? That would also prevent analysis of scratches/smudges on the surface of the device as a means of cracking it.

I know, I know, users would probably complain.

Wont work (0)

Anonymous Coward | about three weeks ago | (#47406277)

With all the different models, orientation, screen overlays, types of on-screen keyboard, angle of phone, multiple lights.

This might work in a clean lab enviroment with standard phones set to default and read from a speisific angle.
In the real world it wont work for shit, ever try using a QR scanner out in the world, and not at home? :P

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>