How to Steal an iPhone’s Passcode (from up to 150 feet away!)

Posted on July 2nd, 2014 by

Many of us know the danger of shoulder-surfers.

Those are the people who lurk beside you, or peek over your shoulder, as you enter a password on your computer or tap the PIN code into an ATM.

But did you know that the people stealing your iPhone or iPad passcode could be up to 150 feet away, and not even able to see your device's screen?

It sounds like science fiction, but researchers at the University of Massachusetts Lowell claim they can easily steal smartphone passcodes as they are typed in, even if they are well out of arm's reach.

Xinwen Fu, a scientist who worked on the project, described to Wired how the research revealed that passcodes could be determined on iOS and Android devices even when the screen itself wasn't visible, by tracking and taking video of the users' finger taps.

Spying on a passcode with Google Glass. Image source: Cyber Forensics Laboratory at University of Massachusetts Lowell

Unsurprisingly, different hardware in the hands of the would-be hackers produced different results.

Google Glass could detect a passcode with 83% accuracy, from a distance of three feet. A $72 Logitech webcam scored a more impressive 92% accuracy.

Best of all was the iPhone 5's built-in camera, which accurately identified passcodes 100% of the time.

But before you smirk and admit you have to applaud Apple for the quality of their smartphone camera, here's something else to consider.

A $700 high-definition Panasonic camcorder, almost 150 feet from its intended target, was able to extract the passcode from a victim's iPad with its optical zoom.

Capturing passcodes at distance with a high-definition camcorder. Image source: Cyber Forensics Laboratory at University of Massachusetts Lowell

Of course, despite its poorer performance, Google Glass might be the one to be most concerned about - as it can take video footage so surreptitiously.

“Any camera works, but you can’t hold your iPhone over someone to do this,” says Fu. “Because Glass is on your head, it’s perfect for this kind of sneaky attack.”

How to Protect Yourself

My first recommendation is to stop using simple four-digit passcodes for your iOS devices. Even though the researchers claim that longer passwords (that aren't just limited to the numbers 0 to 9) don't appear to be dramatically harder to crack, they clearly provide a higher level of security.

You can do this by going into Settings / Passcode (you may be asked for your existing passcode at this point), and toggling "Simple Passcode."

Disable simple passcode

Secondly, if you're worried that someone might be snooping, obscure your keypresses as you unlock your iPhone, iPad or indeed Android device - just like you would shield the numeric pad as you enter your PIN at a cash machine.

Finally, don't let your iDevice out of your sight! Yes, it's bad if your passcode ends up in the wrong hands - but the bad guys can't actually do anything with it unless they manage to get physical access to your device.

Xinwen Fu and his fellow researchers will present a paper about their research at the Black Hat conference later this year, and release an Android app called PEK (Privacy Enhancing Keyboard) that randomizes the buttons on a lockscreen keyboard to make snooping via this method considerably more tricky.

To demonstrate a fix for that PIN privacy issue, the researchers have built an Android add-on that randomizes the layout of a phone or tablet’s lockscreen keyboard. They plan to release the software, dubbed Privacy Enhancing Keyboard or PEK, as an app in Google’s Play store and as an Android operating system update at the time of their Black Hat talk.
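Why a randomized layout helps can be shown with a small model. The following is an added example, not code from the article or from PEK: it assumes the observer recovers only which key position was tapped (never the screen contents) and decodes it against the standard keypad. All names and the sample PIN are constructed for illustration.

```python
import random

# Ten key positions on a phone keypad: a 3x3 grid plus the middle key of row 4.
POSITIONS = [(r, c) for r in range(3) for c in range(3)] + [(3, 1)]
# Standard layout: digit -> (row, col); "0" sits on the bottom middle key.
STANDARD = dict(zip("1234567890", POSITIONS))

def randomized_layout(rng):
    """Digit -> position map with the digits shuffled over the same ten keys
    (the behaviour the article attributes to a randomizing keyboard)."""
    digits = list("1234567890")
    rng.shuffle(digits)
    return dict(zip(digits, POSITIONS))

def taps_for(pin, layout):
    """Key positions the finger touches when `pin` is entered on `layout`."""
    return [layout[d] for d in pin]

def observer_guess(taps):
    """Assumed observer model: sees tap positions only, so decodes them
    against the standard layout."""
    inverse = {pos: d for d, pos in STANDARD.items()}
    return "".join(inverse[p] for p in taps)

def leak_rate(pin, randomize, trials=2000, seed=1):
    """Fraction of unlocks whose observed tap positions reveal the PIN."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        layout = randomized_layout(rng) if randomize else STANDARD
        hits += observer_guess(taps_for(pin, layout)) == pin
    return hits / trials

if __name__ == "__main__":
    pin = "2580"  # constructed sample PIN
    print("fixed layout     :", leak_rate(pin, randomize=False))
    print("randomized layout:", leak_rate(pin, randomize=True))
```

With a fixed layout, every observed unlock leaks the PIN in this model. With a fresh shuffle per unlock, the positions match the standard layout for a PIN of four distinct digits only about once in 5,040 unlocks, so the protection depends on the screen itself staying hidden from the camera.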

Will an app like PEK ever be released for iOS? It's hard to imagine it happening any time soon. Apple has tight control over many aspects of its operating system, making it impossible for third-parties to mess with such fundamental aspects as the iPhone/iPad lock screen.

Unless, of course, you've decided to jailbreak your iOS device - in which case you could have any number of other security issues to consider... ;-)

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.

  • melci

    Umm, I know having the word iPhone in your title will get you more hits but considering the iPhone 5S with its TouchID fingerprint reader is the highest selling iPhone these days, it means modern iPhone users are not susceptible to this hack.

    Why you don’t mention Apple’s fingerprint reader is the obvious solution in your list of mitigation strategies one has to wonder.

    • Dylan

      And how any stolen iPhone 5s can be dusted for the print right on the home button, which can easily be used to unlock the phone. Phones are easy to break into, that's why so many people steal them, just stay away from mobile banking!!!

      • melci

        Ah yes because we all know that photographing a good fingerprint at 2400dpi, printing onto transparent sheet with a special thick toner setting, smearing with pink latex, waiting for it to cure then carefully lifting the latex sheet and then moistening it and hoping it’s the correct finger is far simpler and quicker than simply watching or video-recording someone press their code. *rolls eyes*

        Meanwhile, in the real world iPhone thefts have plummeted since Apple implemented Lost Mode and Activation Lock, which means any hack that takes as long as this to process is dead in the water before it started.

  • Feanorr

    I think it’s a bit irresponsible not to discuss how incredibly unlikely an attack like this is going to be in the real world. It’s way too much effort: the average “bad guy” isn’t going to have the skills or equipment for many years to come, and anyone who does have the skills or equipment almost certainly wouldn’t get enough in return for their time & effort. And if they wanted to get at you it’d probably be far easier to just break into your home and/or hack your wifi network.

    There is no such thing as absolute security: if someone really, really wants something you have, they can get it. Security is about making life difficult for the “bad guys”, not making it impossible for them (that is itself either impossible or will just make life impossible for you). If you don’t make that clear in your articles you risk just engendering paranoia in those with a little bit of, but not enough, knowledge.
