Worth Reading: Automated shoulder surfing for tablets
The researchers at Thinkst have a new twist for the art of shoulder surfing – the technique of reading someone's password by watching what keys they press – they are automating it for tablets. In an article, the researchers show how tablets make shoulder surfing easier because on-screen keyboards illuminate the keys that have just been pressed to provide feedback.
Then, using the open source computer vision library OpenCV and their own code, they show how to automatically locate the on-screen keyboard and read the blue feedback flashes to reconstruct the keystrokes.
A blog posting has more videos, while a page on Thinkst's site goes into more detail and is also available as a pdf document. The researchers' conclusion is that "in an attempt to provide feedback to users, current mobile devices take 2 security steps backwards leaving us less secure than we were in the past".