Researchers Designed App to Protect PINs from Shoulder Surfers
August 30, 2017
Shah Sheikh

A PIN password might seem like a secure way to lock a device but, considering how easy it is for a stranger to peek over your shoulder, it might not be all that secure. Soon, an app called IllusionPIN might help protect your PIN by muddling the keyboard so the numbers appear normal from a distance but randomized when seen up close.

PIN sign-ins are a popular authentication method for various software and devices, from smartphones to ATMs. These relatively short strings of digits are easy to remember but, for much the same reason, they are also easy to crack.

“The traditional configuration of numbers on a keypad is so familiar that it’s possible for an observer to discern a PIN or access code after several viewings of surveillance video,” Nasir Memon, a New York University Tandon School of Engineering professor, told Digital Trends. Memon said his team’s aim was to make PIN authentication more secure without requiring much more work from the device or making user experience any less smooth.

The app they developed uses a hybrid-image keyboard that tricks the eye when viewed from a distance of a few feet or more. The specific technology combines an image of a keyboard with a high spatial frequency and a different image of a keyboard with a low spatial frequency. The visibility of each image depends on the distance from which it is seen and results in an illusion that deceives the eye of a “shoulder surfer” so that the keyboard appears to be normal when, in fact, it isn’t.
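The hybrid-image construction described above, as an added Python example (not the researchers' code): the normal layout is low-pass filtered, a shuffled layout is high-pass filtered, and `real_layer_share` reports how much of the displayed image's contrast still comes from the shuffled layout as viewing blur grows. The bitmap font, the shuffled layout, the Gaussian cutoffs and the use of Gaussian blur as a stand-in for viewing distance are all assumptions made for illustration.

```python
import math

# Constructed 3x5 bitmap font for digits 0-9 (15 bits per glyph, row by row).
FONT = ["111101101101111", "010110010010111", "111001111100111", "111001111001111",
        "101101111001001", "111100111001111", "111100111101111", "111001001001001",
        "111101111101111", "111101111001111"]
NORMAL = [1, 2, 3, 4, 5, 6, 7, 8, 9, None, 0, None]    # layout an onlooker expects
SHUFFLED = [7, 0, 4, 9, 2, 8, 1, 5, 3, None, 6, None]  # constructed randomized layout
S, CW, CH, W, H = 4, 16, 24, 48, 96  # glyph scale, key-cell size, image size (3x4 keys)

def render(layout):
    def pixel(x, y):  # 1.0 where the glyph of the key cell covering (x, y) is set
        digit = layout[(y // CH) * 3 + x // CW]
        gx, gy = (x % CW - 2) // S, (y % CH - 2) // S
        inside = digit is not None and 0 <= gx < 3 and 0 <= gy < 5
        return 1.0 if inside and FONT[digit][gy * 3 + gx] == "1" else 0.0
    return [[pixel(x, y) for x in range(W)] for y in range(H)]

def blur(img, sigma):
    """Separable Gaussian low-pass with wrap-around edges; sigma 0 returns a copy."""
    if sigma == 0:
        return [row[:] for row in img]
    r = int(3 * sigma)
    k = [math.exp(-t * t / (2 * sigma * sigma)) for t in range(-r, r + 1)]
    total = sum(k)
    k = [v / total for v in k]
    rows = [[sum(kv * row[(x + j - r) % W] for j, kv in enumerate(k)) for x in range(W)] for row in img]
    return [[sum(kv * rows[(y + j - r) % H][x] for j, kv in enumerate(k)) for x in range(W)] for y in range(H)]

def variance(img):
    px = [v for row in img for v in row]
    mean = sum(px) / len(px)
    return sum((v - mean) ** 2 for v in px) / len(px)

def hybrid_layers(sigma_low=3.0, sigma_high=1.5):
    """Low-pass the normal layout, high-pass the shuffled one; the displayed image is low + high."""
    real = render(SHUFFLED)
    low = blur(render(NORMAL), sigma_low)
    high = [[a - b for a, b in zip(r1, r2)] for r1, r2 in zip(real, blur(real, sigma_high))]
    return low, high

def real_layer_share(view_sigma):
    """Fraction of image contrast still contributed by the shuffled layout after viewing blur."""
    low, high = hybrid_layers()
    e_low, e_high = variance(blur(low, view_sigma)), variance(blur(high, view_sigma))
    return e_high / (e_low + e_high)

if __name__ == "__main__":  # view sigmas are assumed stand-ins for increasing distance
    print({s: round(real_layer_share(s), 4) for s in (0, 2, 6)})
```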


To test whether IllusionPIN would actually trick an onlooker, the researchers performed 84 shoulder-surfing attacks on 21 participants as they entered their PIN using the app. In a study published online last one in the journal IEEE Xplore, the researchers report that none of the attempted attacks were successful. They also performed one attack on each participant without using IllusionPIN, each of which successfully identified the password.

Moving forward, the team will explore ideas for deploying their technology on smartphones, ATMs, and computers.

Source | Digital Trends