Stealing passcodes with Google Glass or other cameras

Jun 24, 2014 19:01

The concept is that you can algorithmically figure out what the person entered as a passcode with high accuracy for numeric codes and impressive accuracy for alphanumeric passcodes. The question is exactly how much of a threat does this thing represent, since you need a fairly clear view of the device that's being used. surveillance

Leave a comment

Comments 3

silveradept June 27 2014, 01:09:37 UTC
The article suggested that even partial views could be enough, as I read it. Which is pretty interesting. I also wonder how long it will take for someone to write custom firmware for Glass that will turn off all the visible indications that it is working.

Reply

thewayne June 28 2014, 01:48:12 UTC
I don't know anything about the Glass APIs, but my understanding is that it's possible to do a low-level approach to turning on laptop cameras independent of the LED if you bypass the canned APIs, so I don't see why not.

IIRC, a comment suggested that one way to fight this is to randomize the keyboard before and after every key press by the legitimate user. I wrote a program that did this ages ago in an early dialect of Visual Basic, I did two versions that randomized a 10-key pad and another that did a full alphanumeric keyboard. Another comment said that this randomization was something that Europe has been doing for ages, so I'd expect it to find its way over here.

Reply

silveradept June 28 2014, 03:13:58 UTC
Eventually, yes, they'll figure it out. I'm most interested in having them finally develop some way of having app shortcuts on the lock screen that will then require the passcode to continue with. Android seems unable to do this at times.

Reply


Leave a comment