DISCLAIMER: The article is intended to be used and must be used for informational purposes only.
Be it a 6-digit code, a plain text key, or a picture password, your smartphone and desktop passcode can be easily hacked. Let’s look through the list of both widely-known and surprising ways to steal one’s password with ease.
So, you’ve entered your security password and simply put your smartphone away. According to the scientists from the University of Stuttgart and their colleagues from the Ludwig Maximilian University of Munich, even this is unsafe. With the help of compact thermal imaging, the researchers managed to identify 90% of 4-digit passwords entered on the screen. The graphic code was recognized in most cases even half a minute after the target entered the code.
If a hacker hides the thermal imaging in their sleeve, you'll never guess that a usual passer-by has leaked your code. To protect your passwords from intruders, the researcher recommended smartphone users to make accidental swipes on the smartphone screen. Other ways include increasing the display brightness or high CPU load.
A high-resolution camera can easily make a high-quality photo of the fingerprints left on the device’s screen. This method was researched and described by scientists at the University of Pennsylvania in the far 2010. Nowadays, fingerprints can be captured by even an amateur camera or a good smartphone. It’s pretty easy to pretend you are taking a photo of your dinner while capturing your colleague’s smartphone screen.
This method is suitable for detecting fingerprints after entering a graphic key, identifying a PIN-code, or an alphanumeric password. However, if the key doesn’t contain a word, phrase, or birth date, there will be an abundance of variants of the letter and digit order.
“The more complicated the graphic key is, the easier it can be identified”, researchers say. It’s enough to sit near the victim at a 5-meter distance and simply record a video of the unblocking process. Further, the video is uploaded in a special application that analyzes fingers’ movements and offers up to 5 variants of the password. In 95% of cases, one of the offered keys will work.
Adrian Colyer, an ex SpringSource CTO, described how to leak a PIN-code with the help of analyzing the Wi-Fi signal. The technology is called WindTalker. Colyer proved that finger movements on the screen influence the Wi-Fi signal. If hackers set up a hotspot, they’ll be able to track this interference.
In Colyer’s experiment, the researchers managed to hack an Alipay account, one of the hugest and safest payment platforms in the world. The application offered them 3 passwords and one of them matched with the real one. This method is 68% accurate. The more data you have, the more accurate the analysis is.
If a hacker sets a special scanner near your workplace, they can also capture your password or PIN-code by monitoring your hand movements on your smartwatch or fitness tracker.
The experiment was held in the Stevens Institute of Technology and the State University of New York at Binghamton. The researchers created a scanner that monitors the electromagnetic spectrum from smartwatch sensors. The data from the scanner was transmitted through Bluetooth.
The results of scanning are processed in the application that identifies up to 5 thousand key movements. For creating the algorithm more than 20 users were involved, 2 smartphone models, and a fitness tracker with a standard nine-axis accelerometer.
The victim’s password is detected in 80% of cases on the first try. If a user enters the same combination twice, the key is identified in 90% of cases. The more sensors the device has (gyroscopes, magnetometers, accelerometer), the more accurate the result will be.
Your desktop can capture a screenshot at any moment, even when you’re entering your password. This ability was discovered by Felix Krause, Fastlane Tools founder, at the end of 2017. A screenshot is captured by the CGWindowListCreateImage feature that doesn’t require the user’s permission. The malware capturing screenshots can run in the background and have access to every pixel.
Installing a keylogger or a spy app is one of the most popular ways of leaking one’s passwords among usual users. The advantages of this hacking method include its availability (there are a lot of keyloggers on the market today) and simplicity of use. It’s suitable for even non-tech savvy people since installation takes up to 5 minutes and spyware allows viewing of the data in a few clicks.
A spy app is installed on the target device, configured, and hidden from the target user. Once installed, a keylogger starts capturing all the data from the target device, including passwords, credentials, social media chats, and more. All the recorded data is sent to the hacker’s online account where they can view the logs while the target doesn’t suspect that they are being monitored.
Interestingly, such apps now are widely used for legal purposes like parental control and employee monitoring. Parental control apps like EvaSpy usually have a family-friendly design and allow parents to check any kind of their kid’s activities.
Also known as man-in-the-middle attacks, this hacking method is perfect for leaking one’s passwords. Frequently, sniffers like Intercepter-NG are used with the help of MITM attacks to capture one’s passwords and cookies.
The captured data allows logging into one’s accounts, viewing the downloaded files, etc. Besides, the application makes it possible to delete the user’s cookies making him enter the credentials again. Earlier, the tool allowed even iCloud password capturing but Apple developers fixed this quickly.
Level up your reading game by joining Hacker Noon now!