Fast, Automatic iPhone Shoulder Surfing [video]

Spying on a person is an easy and effective method to obtain sensitive informations, even when the victim is well protected against common digital attacks. Modern mobile devices allow people to perform some information sensitive actions in unsafe places, where anyone could easily observe the victim while typing. What if your mobile phone has a cool touchscreen interface that gives you graphical feedback as you type (iPhone, Android, BlackBerry Torch)?

Does it make shoulder surfing easier or, worse, automatable? Researchers believe so, and to demonstrate it, they developed a practical shoulder surfing attack that automatically reconstructs the sequence of keystrokes by aiming a camera at the target touchscreen while the victim is typing. Our attack exploits feedback such as magnified keys, often appearing in predictable positions. This feedback mechanism has been adopted by the top three touchscreen vendors (Apple iOS, Google Android, RIM BlackBerry); in newer version of these mobile OSs, the user has no way to disable it.

To demonstrate the effectiveness of the approach, they implemented it against the iPhone (the most popular one), but it can be easily adapted to similar devices with minor modifications. The attack takes into account that, in real-world scenarios, both the victim’s device and attacker’s spying camera are not standing in fixed positions. To compensate their movements and misalignments, the system detects and rectifies the target screen before identifying keystokes.

By doing that, they are able to automatically recognize up to 97.07% of the keystrokes, with as low as 1.15% errors and an average processing speed that makes it a fast and quasi-real-time alternative to shoulder surfing. A similar attack has been recently proposed: Unfortunately, it seems to require a larger screen (i.e., iPad), that the soft keys are blue, and that the target scree doesn’t move.

[via]



LATEST ARTICLES



SUPPORT

We don't think that using an adblocker = piracy. That's simply not true. We use and recommend uBlock Origin.

However, as a small non-corporate website, we would appreciate it if you'd consider whitelisting FSM in your adblock of choice.

Alternatively, consider donating using the options below....

PayPal  
Monero (XMR) 43GnqUNJrTi9QyL7kEH8vM8pgWGCE6bjv1FSRipeNMM4TTeNnUVsRBb6MfMpQYxtLE7ReonxVVSXz2rFCEdW5H11LC3x73b
Bitcoin (BTC) 1Hfuq77gKKFJeNcq4EP4dQK3yDRWrFEwJR
Bitcoin Cash (BCH) qzmdm6e6q5wf2p6sxz2mst7cenz60newwc5m4e9js8
Ether (ETH) 0x5f02869278C24A6579d3820f52AD15936D6F9d69
Stellar (XLM) GDWT2QU2CI3GZ5XH5DTSU3IUAHZMTB6VQKKRHBYWS5YCCQOAG6OKG2OB
More content?  
Ads Blocker Image Powered by Code Help Pro

Congrats on using an adblocker. We mean it.

Please support us by disabling your AdBlocker or whitelist us.

Thank you! ❤️