Threat Category: Authentication: User to Device
ID: AUT-3
Threat Description: If an attacker can record or gains access to video recorded by a camera or similar device with line-of-sight on a user’s mobile device while he or she is entering a PIN, password, or other secret, the attacker can attempt to infer that secret. Success of the attack will vary based on various factors, but increases with higher resolution recordings, greater proximity, a less-obstructed and direct (perpendicular) view of the device, and the opportunity to analyze multiple recordings of a user’s keystrokes over time.
Threat Origin
Not Applicable, See Exploit or CVE Examples
Exploit Examples
Black Hat: Google Glass Can Steal Your Passcodes 1
CVE Examples
Not Applicable
Possible Countermeasures
When entering PINs, passwords, or other secrets, limit visibility of the device to others.
Use devices and applications that support biometric authentication methods (e.g. fingerprint), which are not as easily captured by casual recording methods as entry of PINs or passwords.
Increase the minimum length and reduce the maximum lifetime of passwords and PINs to reduce the probability a inference attack will be successful.
When possible, configure remote services with authentication mechanisms that allow the use of random one-time passwords, which if recorded during entry, cannot later be used to authenticate.
To prevent a successful password inferrence attack from singly enabling authentication by an attacker, configure sensitive services to require 2-factor authentication.
EnterpriseUse devices and applications that support biometric authentication methods (e.g. fingerprint), which are not as easily captured by casual recording methods as entry of PINs or passwords.
Increase the minimum length and reduce the maximum lifetime of passwords and PINs to reduce the probability a inference attack will be successful.
When possible, configure remote services with authentication mechanisms that allow the use of random one-time passwords, which if recorded during entry, cannot later be used to authenticate.
To prevent a successful password inferrence attack from singly enabling authentication by an attacker, configure sensitive services to require 2-factor authentication.
Mobile OS DeveloperTo increase the difficulty of visual or sensor-based inference attacks on entries by the on-screen keyboard, a randomized keyboard layout for PIN or password entry could be implemented as a feature of the mobile OS.
References
T. Simonite, “Black Hat: Google Glass Can Steal Your Passcodes”, MIT Technology Review, 7 Aug. 2014; www.technologyreview.com/s/529896/black-hat-google-glass-can-steal-your-passcodes/ [accessed 8/25/2016] ↩