A complex new scheme for stealing passwords via Glass has been floating around, showing how the wearable can be used to detect and store password info. It’s fairly accurate, too, recognizing over 80% of entered codes. Just by watching someone enter their info, a Glass user could potentially have access.
Then again, it’s a terribly complex scheme. By loading software that knows what device is being used and tracks finger movement, any wearable with a camera can decipher the code. Then again, so could you with simple, critical observation — if you wanted the info, that is.
The team who created this software, researchers at the University of Massachusetts Lowell no less, tested it on a webcam, Samsung Galaxy Gear, and Google Glass. The webcam was the most accurate, with roughly 92% accuracy in picking up on 4-digit pass-codes. Glass fared slightly worse, but still pretty good — an 83% success rate.
Xinwen Fu, a computer science professor at UMass Lowell and led the team of researchers, said “If someone can take a video of you typing on the screen, you lose everything.” He added “any camera works, but you can’t hold your iPhone over someone to do this. Because Glass is on your head, it’s perfect for this kind of sneaky attack.”
Google is less than concerned, saying “Unfortunately, stealing passwords by watching people as they type them…is nothing new”, continuing that Glass has a light that illuminates when the camera is running, making it the worst spy device ever.