Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Fast, Automatic iPhone Shoulder Surfing

phretor (552424) writes | more than 3 years ago

Iphone 0

phretor writes "Spying on a person is an easy and effective method to obtain sensitive informations, even when the victim is well protected against common digital attacks. Modern mobile devices allow people to perform some information sensitive actions in unsafe places, where anyone could easily observe the victim while typing. What if your mobile phone has a cool touchscreen interface that gives you graphical feedback as you type (iPhone, Android, BlackBerry Torch)? Does it make shoulder surfing easier or, worse, automatable? Researchers believe so, and to demonstrate it, they developed a practical shoulder surfing attack that automatically reconstructs the sequence of keystrokes by aiming a camera at the target touchscreen while the victim is typing. Our attack exploits feedback such as magnified keys, often appearing in predictable positions. This feedback mechanism has been adopted by the top three touchscreen vendors (Apple iOS, Google Android, RIM BlackBerry); in newer version of these mobile OSs, the user has no way to disable it. To demonstrate the effectiveness of the approach, they implemented it against the iPhone (the most popular one), but it can be easily adapted to similar devices with minor modifications. The attack takes into account that, in real-world scenarios, both the victim's device and attacker's spying camera are not standing in fixed positions. To compensate their movements and misalignments, the system detects and rectifies the target screen before identifying keystokes. By doing that, they are able to automatically recognize up to 97.07% of the keystrokes, with as low as 1.15% errors and an average processing speed that makes it a fast and quasi-real-time alternative to shoulder surfing. A similar attack has been recently proposed: Unfortunately, it seems to require a larger screen (i.e., iPad), that the soft keys are blue, and that the target scree doesn't move."
Link to Original Source

cancel ×

0 comments

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>