It seems lately that not a week goes by without hearing of some kind of security breach, whether it be at a big corporation or a new backdoor into our mobile devices. We’re constantly being reminded to update our passwords, and to be careful and observant when entering those passwords in public or on public Wi-Fi. A new research paper suggests that it may be possible to steal your password or PIN without actually seeing the screen of the device.
Researchers at Syracuse University have revealed a new possibility in the art of stealing your PIN, which relies on spatio-temporal dynamics of the hands. Spatio-temporal dynamics is a type of artificial intelligence that involves calculating the distance and relationship of objects. In an experiment conducted last year, the Syracuse researchers discovered thieves could use spatio-temporal dynamics to figure out smartphone passwords. From the research paper:
Research on attacks which exploit video-based side-channels to decode text typed on a smartphone has traditionally assumed that the adversary is able to leverage some information from the screen display (say, a reflection of the screen or a low resolution video of the content typed on the screen). This paper introduces a new breed of side-channel attack on the PIN entry process on a smartphone which entirely relies on the spatio-temporal dynamics of the hands during typing to decode the typed text. Implemented on a dataset of 200 videos of the PIN entry process on an HTC One phone, we show that the attack breaks an average of over 50% of the PINs on the first attempt and an average of over 85% of the PINs in ten attempts. Because the attack can be conducted in such a way not to raise suspicion (i.e., since the adversary does not have to direct the camera at the screen), we believe that it is very likely to be adopted by adversaries who seek to stealthily steal sensitive private information.
At the moment, it doesn’t seem like this is something you need to be worried about if you’re sitting in your local coffee shop. However, as technology moves at a rapid pace and something like this could be used in a mobile setting, it makes things like fingerprint unlocking and BlackBerry 10’s Picture Unlock seem to be a little more important. In the meantime, be cognizant of your surroundings. Mobile security starts with you.