Password cracking that bypasses any bruteforce

Nitish Chandan | Cyber Security

Interesting, isn't it?

You are shopping in a mall and have to log in to your mobile banking portal for some reason. You go to a corner, face a wall and type your password. Wonderful! Nobody can see what you type and you are not worried at all.

Think again. No, I am not talking about shoulder surfing here, come on! Hackers can now mathematically work out the passwords you enter by interpreting a video of you tapping on your smartphone, even if the display is not visible. This has been demonstrated at Syracuse University.
The mechanics behind this interpretation are “spatio-temporal dynamics”: measuring the distance from the fingers to the phone’s screen and then making the exact guess. Vir Phoha, one of the co-authors of a paper about this technology, says that it is like lip reading. All you need is a clear video of the user typing and the known geometry and model of the phone.
No incidents of hackers stealing passwords in this way have been reported yet, but it is known that such incidents won’t be very far away. With mobile banking reaching everyone and its use increasing, the vulnerability increases manifold, and the developers of this technology have stated that it is very simple to implement for anybody who knows programming. If used in the right direction, national security and law enforcement agencies could use it to keep a record of people they are tracking.

The Syracuse experiments involved 50 volunteers typing PINs into HTC One smartphones, in a variety of different settings and postures. For each volunteer, researchers shot four different videos. The recordings were made using two off-the-shelf devices: a Google Nexus 5 smartphone camera and a Sony camcorder. All the videos were shot from the side or back of the phone, from 12 to 15 feet away. None of the videos captured the phone screen or explicitly showed what users were typing.

Software filled in the gaps, however, with a combination of image analysis and motion tracking algorithms being remarkably effective at “guessing” the PINs users typed in. On the first guess, software determined the correct password between 40% and 62% of the time, depending on the quality of the video and the zoom ratio. The highest-quality video produced an 82% accuracy rate after 5 guesses and 94% accuracy after 10 guesses. Using more than one video for each phone raises the odds of success even further.
Originally here

All this happens in the West, with new technologies and smarter internet users. In India, we still have the problem of people being very careless about passwords and later complaining that the internet world is very unsafe. Just a couple of months ago, I saw an IT professional speaking his ATM PIN out loud to a Pizza Hut attendant while swiping his card for payment. To stay safe, it is important to implement high-end technologies, yes, but without basic internet ethics and awareness of safe usage, there is no software that can protect you.
