
Google Glass Snoopers Can Steal Your Passcode With a Glance - balbaugh
http://www.wired.com/2014/06/google-glass-snoopers-can-steal-your-passcode-with-a-glance/
======
techwizrd
The comments in the Wired article are pretty ridiculous and it seems as if the
article title is pretty sensational. The article also mentions that a Samsung
smartwatch is just as accurate and an iPhone 5 camera caught the PIN every
time. According to the article, a person with a $700 Panasonic camcorder can
steal your PIN from 4 stories up and across the street. You don't, however,
see any of the commenters in the article calling people with camcorders
pedophiles and asking for them to beaten up. The hysteria is ridiculous.

I think the solution given by the article researchers that randomizes the
locations of the numbers on the PIN entry is a much more effective solution
than wantonly destroying people's property or assaulting them because of a
perceived, imaginary threat.

~~~
mikecb
Unfortunately, randomizing the button locations would be an accessibility
nightmare.

~~~
dublinben
Security and accessibility are pretty much inherently opposed.

~~~
schoen
That brings to mind this tweet by Eleanor Saitta on a specific instance where
they actually are directly opposed.

[https://twitter.com/Dymaxion/status/464457530677420034](https://twitter.com/Dymaxion/status/464457530677420034)

(It's a case where _physical_ security and _physical_ accessibility come in
pretty direct conflict!)

------
ryanmcbride
It seems like any video enabled device can steal your passcode if it sees you
enter it. The phone they used did even better in glass from 10 feet away.

I hope this makes a push for more/better biometric locks on every day devices.

~~~
enraged_camel
>>It seems like any video enabled device can steal your passcode if it sees
you enter it. The phone they used did even better in glass from 10 feet away.

The difference is that when you record someone with a non-wearable device,
it's pretty obvious. In the phone example, you have to hold it up a certain
way, which will immediately alert the target (as well as anyone in the
vicinity) if they are paying attention.

With Glass though, who knows if you are recording or not? AFAIK there isn't a
red "recording" light that comes on, right? So as far as people are concerned,
you might just be casually glancing in their direction, except you aren't.

~~~
codeka
From the article, they were able to capture the PIN code from across the
street and two stories up using a camcorder. You're not even going _see_ that
person.

------
kator
Funny I've always worried about the mobile keypads because on top of that they
"echo" the character you typed. I'm paranoid and often try to shield the
screen when I type in my password. That said there are so many cameras
everywhere it's hard not to think that somewhere they got a good clean shot
and could figure out my password.

I don't use the same password on any two things so it's less useful to get my
mobile lock password then it might be for some but if you have a lock screen
pin or password you do get an amazing amount of stuff for free on a person's
mobile device...

------
uses
I'm not sure what I expected from comments on Wired, but that is pretty
amazing that all the most highly-upvoted comments are calling Glass users
"glassholes", pedophiles, and encouraging violence against them and/or their
Glass devices.

~~~
esbonsa
hopefully they are consistent and have the same comments about anyone having
their phone out of their pocket

~~~
esbonsa
Can someone explain why "phones" should not be considered a treat to privacy
if you think Google Glass is?

~~~
gress
You can see what people are doing with phones.

~~~
Oletros
Really? More than with a device that has a LED on when it is recording?

If you can see what is done with an smartphone how is there are such a number
of subreptitious videos and pictures taken with smartphones

~~~
gress
Google Glass does not have an LED on it when it is recording.

And yes, it is possible to make a surreptitious recording with any camera, but
there is no comparison.

With other cameras including cellphones, it takes a tricky and intentional
effort, with the risk of social consequences if discovered.

Glass is designed to make it ubiquitous and effortless to record people, with
no indication to those being surveilled.

------
lugg
> “I think of this as a kind of alert about Google Glass, smartwatches, all
> these devices,”

Why is it that its always a fault with the _new_ tech? I'm not a glass
esplorer but still I take offense to this kind of idiocy. The problem is with
passcodes/passwords in general, they have always been susceptible to this kind
of attack, adding in a video recorder doesn't change this.

------
rbanffy
We'll have to adjust to a world where everyone has perfect visual memory and
superhuman time perception.

~~~
schoen
This brings to mind the plot of Isaac Asimov's story "Lest We Remember".

[https://en.wikipedia.org/wiki/Lest_We_Remember](https://en.wikipedia.org/wiki/Lest_We_Remember)

That title was also the inspiration for the title of a paper I worked on:

[https://citp.princeton.edu/research/memory/](https://citp.princeton.edu/research/memory/)

------
CSDude
Another anti-Google propoganda with highly offensive comments (pedophile,
glasshole etc.) with high upvotes and not a single downvote.

You can do the exact same thing by hiding a camera in anywhere your body, and
they won't even be spotted like Google Glass. There are cameras as tiny as:
[http://youtu.be/CgtTg62GDfs?t=2m19s](http://youtu.be/CgtTg62GDfs?t=2m19s) and
I'm sure many intelligency agencies around the world have better cameras than
this on their agents, and some one might be actually using them. Additionally,
almost all the stores has security cameras, which are on top of you and
potentially can do the same thing, and you won't even notice.

~~~
gress
Which giant corporation is trying to popularize the daily use of these other
cameras?

~~~
gbog
You mean a big startup creating new projects in many different directions,
automated cars, wifi balloons, space elevator, open source os for mobile
devices, and smart spectacles?

~~~
gress
Do space elevators make it ok to invade people's privacy?

------
userbinator
I think it's a little odd that screens on _personal_ devices are going in the
direction of super-high viewing angles and brightness, as if letting everyone
else besides you see what you're doing is a good thing... even the unbranded
low-end Android I have has a screen with nearly 180 degrees of viewing angle.

However, this with a randomised button layout solve the problem quite well:

[http://solutions.3m.com/wps/portal/3M/en_US/SDP_NaturalView/...](http://solutions.3m.com/wps/portal/3M/en_US/SDP_NaturalView/screenprotector/cell-
screen-protector/mobile-privacy-film/)

------
gbog
It is weird to not see a single comment calling for the long due death of
passwords as authentication.

They have so many drawbacks, they are annoying each and every employee that
works with a computer on earth, we have weekly massive password leakage posts
on HN (only tip of the iceberg), and apart from fingerprints there is no
contender?

Guys, startup creators, hackers, engineers: wake up! Find something, anything!

In 30 years, when passwords will be past, our future selves will be amazed to
read stories about passwords: how could we bear this skyscraping level of
stupidity and annoyance.

------
lvs
You know what else can steal your passcode with a glance? My eyeballs.

~~~
enraged_camel
Yeah, but there is something to be said about Glass making it possible (and
trivial) to record the sensitive information. Not only that, you can also be
recording the person, and can later look up their face, potentially figure out
their identity, and then proceed with identity theft.

You can't do that with just your eyeballs.

~~~
dragonwriter
> Yeah, but there is something to be said about Glass making it possible (and
> trivial) to record the sensitive information.

Google glass didn't make that possible, the invention of the video camera did.
Plenty of those around -- often in compact form -- with or without Glass.

~~~
Tycho
But you'd look pretty damn conspicuous holding up a camera while someone was
entering passwords or accessing sensitive info.

~~~
dragonwriter
> But you'd look pretty damn conspicuous holding up a camera while someone was
> entering passwords or accessing sensitive info.

Not at the distance from which a decent camera (as discussed in the article)
can capture it, you wouldn't -- what Glass can do from 3 meters away, the
camera they tested in the article could -- with greater reliability -- through
a window 44 meters away (four stories up and across a street).

~~~
Tycho
Unless something gets between you and the target 44 metres away and blocks
your view. Then your master plan is foiled.

------
daenz
Seems like an easy solution: randomize the PIN keypad layout with every key
press.

~~~
TOMDM
If you wanted to take it a step further, the touch screen could have a very
narrow viewing angle, have the angle of the screen automatically or manually
rotate to the users eye level, and then someone standing next to you would
just see a blank screen. With random keys on top of that, someone would
literally have to poke their head over your shoulder to see.

