
Selfies reveal smartphone pin - rahmaniacc
http://hplusmagazine.com/2015/10/22/selfies-reveal-your-pin/
======
delish
From reading the article I can't tell "any selfie" reveals one's PIN. Is it
from smudges?

If so, one's PIN would be revealed when the screen's image didn't get in the
way.

This article (I tried to find a more informative one than this and failed--
maybe I'll try to find the presentation itself) seems to imply that one could
film at sufficiently-high resolution someone's face and eyes, and reveal what
was on their phone screen. Interesting stuff. Like Starbug says, "Everything
can be spoofed."

~~~
Nadya
Assuming a front-facing camera (as most people taking a selfie would use) then
they use the reflection of the phone in the user's eye to detect smudges on
the phone that would indicate a lock pattern or pin number (based on high-
smudged areas).

The order of the pin (4-6 characters on most phones?) would still need to be
figured out. So it depends how many guesses the user enables. With 24
different permutations of 4 digits and iPhones having "wipe the phone after 10
failed attempts" option this would have a little under 50% success rate.

Which is still a huge improvement over "just guess" but hardly "we can pwn you
from a photo every time" territory.

~~~
delish
I appreciate the quick-math here:

> With 24 different permutations of 4 digits and iPhones having "wipe the
> phone after 10 failed attempts" option this would have a little under 50%
> success rate.

and I agree with this:

> hardly "we can pwn you from a photo every time" territory.

It sounds like neither of us is concerned about being pwned from this. But I
take from this that given enough time, someone will find a way to get
unintended-data-emission from people, and it'll be from an unexpected source.

