At a restaurant, you pull out your phone to check email. Without even thinking about it, you tap in a PIN to unlock your phone. Your back’s to the wall and nobody can see what you’re typing, so there’s no reason to worry that somebody could intercept your passcode.

Except, sadly, there is. Researchers at Syracuse University have demonstrated that hackers can guess PINs by analyzing video of people tapping on their smartphone screens -- even when the screen itself isn’t visible. Software used to analyze such video relies on “spatio-temporal dynamics” to gauge the distance from the fingers to the phone’s screen, and then approximate which characters the fingers tap on a keypad. “It’s like lip reading,” says Vir Phoha, an engineering and computer science professor at Syracuse and co-author of a paper on the technology. “Based on hand movement and the known geometry of the phone, we can see which keys are pressed.”

There don’t appear to be any known instances of hackers stealing PINs this way, but technologists think it’s only a matter of time. “We believe that it is very likely to be adopted by adversaries who seek to stealthily steal sensitive private information,” Phoha and three others Syracuse researchers wrote in their paper, published last year by the Association for Computing Machinery. The technology is fairly simple for anybody familiar with programming, and the exploding use of smartphones provides many millions of targets.

On top of that, the increased use of phones for banking and managing other financial accounts makes PINs a lucrative prize for hackers.

There are limits to such image-analysis technology. It’s harder to detect PINs when people type them with two fingers rather than one, for example. The use of a full keyboard instead of a 10-character phone-style keypad makes it harder still, as does the use of capital letters and symbols that aren’t on a 10-character pad. And fingerprint validation in lieu of a PIN solves the whole problem, even though it’s available on only a small portion of smartphones at the moment, and not at all on ATMs and other gadgets requiring PINS.

As always, countermeasures will ensue if unseen PIN hacking were to grow into a major problem. Smartphone makers could create keypads that appear in different locations on the screen every time, foiling pattern-recognition algorithms that rely on consistent spatio-temporal dynamics. Keypads that jumble the 10 numerals in a different random order during each use might also do the trick, though they could also drive users crazy and encourage them to ditch the passcode because it’s too much trouble.

Meanwhile, protecting yourself against sneaky PIN hacking wouldn’t be difficult, once you know what to do. Keeping your phone completely out of sight when entering a PIN or other sensitive data is the most obvious step. Newer iPhone and Android devices allow you to choose a longer, more complex alphanumeric passcode over a simple 4-digit one (although typing it in can be a pain). And practicing good security—by using two-factor authentication, password-tracking apps and so on—helps improve security and speed the notification time if somebody has infiltrated your accounts. It’s probably safe to assume somebody is always watching. Sooner or later, they will be.


http://finance.yahoo.com/news/an-alarming-new-way-to-steal-your-passwords-135027327.html

Track your courier,package and parcel online with all major couriers like DHL,Blue Dart,UPS,DTDC,TNT,FedEx and more.
URL - http://courier-tracking.org