iPad App reads passwords, exposes flaws in protection

The app works by using the iPad 2's camera, and is able to harvest information from the screens of other iPads and iPhone

When typing in your sensitive information into a website, you know that pretty much every site always mask passwords. One reason for this is to stop people from snooping over your shoulder and stealing your logins. However, a security researcher has figured out a way of seeing past password masks.

Haroon Meer built a proof-of-concept iPad app, nicknamed shoulderPad, in an attempt to prove that just because information is hidden by asterisks, it won't prevent all nearby snoopers from "shoulder surfing". The app works by using the iPad 2's camera, and is able to harvest information from the screens of other iPads and iPhones.

Here's how it works: Hold the iPad up to the victim's screen as they begin typing, look inconspicuous, and the app will be able to relay the person's valuable information. The iPad can do this because when you type on the iOS keyboard, the key will be briefly highlighted. ShoulderPad uses image recognition algorithms to trace where the blue appears on the screen, and then accurately guesses which key was pressed.

Thankfully, Haroon is not offering the app to the public, seeing the damage that such technology could cause in the wrong hands. However, it is an eye opener in case you were ever wondering just how safe your information is as you type it out. For those thinking it may be time to get rid of your iOS devices, it's not just an potential flaw with Apple touchscreen products--researchers at an Italian company have also discovered a similar over-shoulder trick, which can pick up keyboards on Android and Blackberry smartphones too.

Until touchscreen phones stop highlighting keys as they are touched, maybe next time you are imputting a password, you should take a quick glance over your shoulder.

Check out more information about Haroon's app, or check out the video of the app in action.

Thinkst via TUAW and Forbes]

More stories like this...

iOS 4.3.4 Is Out; Fixes JailbreakMe 3.0 Exploit

Nook2Android Lets You Dual-Boot Your Nook Color

iOS 5 Beta 3 Jailbroken Already, Hack Available For Download

Get your GeekTech on: Twitter - Facebook - RSS | Tip us off

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags mobilemobile applicationsAccess control and authentication

More about AppleFacebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Elizabeth Fish

Latest Videos

More videos

Blog Posts