Welcome to a brave new world where 10 feet across from you, a hacker could steal your password using new technology.
Xinwen Fu, a cyber forensics expert at the University of Massachusetts, explains how if they see the screen, they see your finger, and pretty much your passcode is stolen.
Using 'Google Glass',or any other recording device, like cell phone video or a camcorder this security researcher can crack your pin.
He's developed software that can break down hand movements from video. You type, he records. doesn't matter if there's glare. Doesn't even matter if he can't see the screen.
The process is now easier by the rise of wearable tech, which makes it simple to discretely record hand movements.
'Glass' is on your head so people can easily adjust the angle and take the picture.
Here's how it works.
If we know the position of the finger then we know the position of the finger on the keyboard, the position you touch is a key so we call that touch point. We can actually match this touch point to a reference keyboard to an actual keyboard and we get your key.
We put it to the test using the same device Xinwen used when he was developing his software: Google Glass. We put them on a real-world attacker.
Without seeing the screen, the hacker was able to guess the password on the first try.
They only used the passcode as one example to demonstrate the danger. But, if you actually used mobile banking to type in your password and access your banking it could be very dangerous.
The vulnerability, Xinwen says, is that keys are always in the same place. There are tools for randomizing the location of keys on a keyboard, and that would make something like this impossible. Those tools aren't widespread, but Xinwen hopes by exposing the dangers, it will lead to solutions.