Your iPads’s secure passwords could be at risk from a new breed of thieves that peer over your shoulder as you enter passwords into your device. They could then steal your bank log in details, PayPal password or anything else that you have secured by a password.
The technique known as “Shoulder Surfing” could become a whole lot easier to carry out as demonstrated by a South African security research company. It has built an app that can decipher the key presses you make on your iPad. It works on a jailbroken iPhone, iPad or even on Mac OS. All you need to do is stealthily capture a video of a users key presses with your chosen device. The software can then get to work and reveal the password. In fact it gets even worse than that, the software can even be used with surveillance cameras or long distance lenses; making it even easier to capture the information without being spotted!
When a user types on an iPad’s touchscreen, each key glows blue for a fraction of a second after it’s struck, a helpful bit of feedback for any virtual keyboard. ShoulderPad’s image recognition algorithms, based on Open CV’s open source image recognition software, look for that flash of blue. “At any distance, if the blue is distinguishable, shoulderPad can detect that keystroke.
Of course software providers always protect a users password entry by showing asterisks on screen rather than the actual letters. If this sort of software gets in the wrong hands, that measure would not stop your passwords from being stolen and could open up a whole new phase of online crime! There is a short video demo after the break!