Huffpost Business

The New, Creepy Way Your iPhone Passcode Could Get Stolen

Posted: Updated:
Print

If you've ever felt a little paranoid while entering your iPhone's passcode in public, consider yourself justified.

A startling number of common electronic devices can be used to figure out your iPhone's four-digit PIN from afar, according to a new study from the University of Massachusetts set to be presented in August.

The really creepy thing? Potential thieves don't have to see the screen to figure out what you're typing. They just have to take a video of the way your fingers move.

The study's team of researchers -- led by Xinwen Fu, an associate professor in the school's computer science department -- determined that webcams, smartwatches, regular cameras, iPhones and Google Glass can all be used to steal the four-digit personal identification numbers of iPhones, as well as those of iPads and Nexus tablets.

The team was able to successfully recognize people punching in randomly generated passcodes with three different types of cameras -- the Logitech HD Pro Webcam C920, iPhone 5 and Google Glass.

To do so, they developed a program that can figure out a person's passcode by taking videos of them punching the passcode into their iPhone or tablet. From nearly 10 feet away, they were able to determine passcodes with 80 percent accuracy on the first try and 95 percent accuracy on the second.

Here's how easy it would be for someone to take secret video of you with Google Glass and a smartwatch while you enter your passcode:

google glass spy

That's scary, but get this: The team was also able to use the program they developed to identify an iPad's passcode by taking video with a camcorder from more than 144 feet away.

This photo provided by the researchers illustrates how someone can be farther from you while still stealing your passcode:

google glass spy

The program looks at the movements of your fingers and the shadows they create on the device to determine which numbers you're pressing. To steal your passcode, someone would just have to take a video of you typing it in and run the video through the program.

The research done so far has focused on PINs for iPhones and tablets, but it easily could be applied to other four-digit codes, such as banking PINS, eventually.

As long as a person has the team's program, and the video quality is good, "everything happens pretty automatically," Fu told The Huffington Post in a phone interview.

That's not very reassuring. But what good is knowing someone's PIN if a potential thief doesn't have the device anyway?

"Many of us use our passcode for everything, like the ATM," Fu said. If you use the same passcode for different sites, "you are in trouble." Plus, many people do mobile banking on their phones or tablets in public, punching in their PIN in front of other people, Benyuan Liu, a professor and member of the research team, told HuffPost.

Neither Apple nor Google responded to a request for comment. But Google has downplayed Glass' snooping capabilities in the past.

“Glass is the world’s worst spy camera," Astro Teller, head of Google X (the company's semi-secret research arm), said at this year's TechCrunch Disrupt NY. "If you want to surreptitiously take photos, I would not use Glass.”

Smartwatches are the newest craze in technology. Google is developing one, Samsung has one, and Apple is rumored to be making one, too. With a smartwatch, you can answer phone calls, read texts, listen to music ... and spy on people. Want to use the program to spy on someone you're not even looking at? Use a smartwatch.

"With the smartwatch, they can record without looking at you," Fu told HuffPost. "That's pretty scary."

[h/t Wired]

Around the Web

Eye Spy with My Google Glass - Digits - WSJ

Google Glass is the world's worst spy camera, says Google X head ...

Researchers' Google Glass Spyware Sees What You See - Forbes