Eye glasses for spying used to sound like something out of a James Bond film, but Google Glass is turning this idea into a frightening reality.
A study completed by cyber forensics experts at the University of Massachusetts in Lowell developed a way to steal passwords entered on smartphones and tablets by wearing Google glass, a device that is mounted on eye glasses. Both Google Glass and other video-capturing devices can pick up this information from almost 10 feet away.
And the thief wouldn’t have to be able to read the screen, either. The researchers created software that records and tracks the shadows of fingertips as they type in tablet and smartphone passwords. The software’s algorithm converts the touch points to keystrokes to allow researchers to crack passcodes.
The tests, which were successful, were completed on an Apple iPad, a Google Nexus 7 tablet, and an iPhone 5. The cause for alarm, however, is that researchers pointed out that possibility of getting valuable information from unsuspecting mobile device users, such as a bank account password.
In addition to testing their software on Google Glass, which can now be used for prescription glasses, the researchers also used cell phone video, a webcam, and a camcorder. The camcorder’s software worked at a distance of over 140 feet; however, this would likely be the most suspicious use of this technology.
However, devices like Google Glass and smartwatches could easily and stealthily record a target typing on his phone in public, says researcher Xinwen Fu and his team, without drawing any attention.
“The major thing here is the angle,” said Fu. “To make this attack successful the attacker must be able to adjust the angle to take a better video… they see your finger, the password is stolen.”
Google Glass has recently come under fire in the UK, where it has been banned in movie theaters due to piracy concerns.
One potential solution to combat this type of theft is to use a tool to randomize the location of keyboard keys, so a “9” could appear where a “1” normally does. However, many of these tools are not widely available.
Fu and his team will present their research next month at the Black Hat cybersecurity conference.