Just when you have got used to protecting your pin in garages and supermarket checkouts from hacker snooping, (that is if you don’t yet use a PIN free system) along comes a new danger.
It’s like lip-reading but it’s finger press guessing.
According to Rick Newman, a writer who enjoys the goal to ‘distill meaning from a torrent of information and help people differentiate news that matters from news that doesn’t matter, fake news and not-news,’ hackers can guess PINs by ‘analysing video of people tapping on their smartphone screens — even when the screen itself isn’t visible.’
Impossible? well, people are always checking their smartphones, aren’t they? If they tap in a PIN to unlock it, it could be watched and used by any diligent hacker.
Newman reports on Syracuse University where researchers have demonstrated that PINs can be worked out using ‘spatio-temporal dynamics’ which ‘gauge the distance from the fingers to the phone’s screen and approximate which characters are tapped by fingers.
Hand movements and ‘the known geometry of a phone’, they can see which keys are pressed. The video of a user tapping in a PIN is treated to a combination of image analysis and motion tracking algorithms.
Perhaps it’s too early to be alarmed. Newman admits there are no known instances of a hacker grabbing data this way, much less how he or she would get all the other necessary bits required unless he/she steals the phone, but it is only a matter of time, ‘they’ll eventually get lucky.’
Maybe. Certainly people filming quite openly in public places has become the unchallenged norm, so hacker videos can be made easily of people accessing devices.
But the fact is, that the PIN and related passcodes are still the lifeblood of our digital age, and they are so often the weakest link in our personal security. So, anything we can do to foil each and every hacker is worth it.
Common Sense Protection
So, assume that whatever you do, somebody is watching. Hiding phones while accessing the web would be sensible. Newer devices allow ‘a longer, more complex alphanumeric passcode’
PayPal wants to get ahead of the game and is reported by Sophie Curtis in The Daily Telegraph as working on ‘a new generation of embeddable, injectable and ingestible devices’ which will replace passwords.
Jonathan LeBlanc who rejoices in the job title at PayPal of ‘global head of developer evangelism’, claims that these devices could include brain implants, wafer-thin silicon chips that can be embedded into the skin, and ingestible devices with batteries that are powered by stomach acid.’
LeBlanc told the Wall Street Journal that these devices would ‘allow natural body identification by monitoring internal body functions like heartbeat, glucose levels and vein recognition.’
He is convinced that in time they will replace passwords and even more advanced but inconsistently reliable methods of identification, like fingerprint scanning and location verification.
Is that the price we’re going to have to pay to keep every hacker at bay – an implant?!?
Some earlier blogs on this hacker stuff:
CAPTCHA Is a Busted Flush Now, Thank to an Algorithm, 27 November 2013
Image: Intel Free Press