Monday, 26 November 2012

Who watches what you type?

The IET magazine says that computer vision scientists at the University of North Carolina have revealed a way to compromise smartphone security. They have an effective way to snoop on every word typed on a person’s smartphone screen.
They were able to snoop on a phone from anything up to 60m away, and were able to reconstruct a message typed on the screen from video footage. The scientists said that “We found it was possible to automatically recover typed text, from reasonable distances, even using low-budget equipment,”
The project, dubbed iSpy, relies on the virtual keyboard that smartphones like the iPhone employ which pops-up each letter at a larger scale as you select it. They were able to capture images using an off-the-shelf video camera, stabilise the images and then analyse them.  At a distance it is not easy to work out which one of adjacent letters had been typed. To enable recognition iSpy fed the image data into a program that uses language models to calculate probable meaning depending on context, resulting in 90 per cent accuracy.

One of the scientists, Fabian Monrose, said iSpy was able to recover passwords remarkably easily, even though it relied on contextual information to help it. Users must have been choosing simpler words and ideas as passwords - instead of random strings of characters.

Perhaps people should be thinking about protecting themselves better by using systems like two-layer authentication. This system protects your account by requiring a second password in the form of a numeric code sent to your mobile phone when you login.

No comments:

Post a Comment