Is password entry being recorded on camera a realistic concern?

  • I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.

    It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.

    Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.

    So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?

    Entering credentials in public is always a risk.

    Related: Snowden's Blanket - He wouldn't use the blanket if there was no risk of seeing him type.

    Take a look at TOTP - Time-based One Time Passwords. Typically used for 2FA, you can use them as the only factor as well. I have a few servers set up that accept either for SSH.

    Well, my bank will (against my explicit consent) pay up to 50€ per transaction without my card ever being inserted in a reader, only using some wireless transponder shit, and without any security token whatsoever being provided. So, seeing how my South Korean phone unlocks on my fingerprint and keeps my _super important_ Instagram password hardware encrypted, I see password skimming as the smaller of two problems.

    Who is your adversary in the threat model? The government has plenty of cameras, but doesn't need you to disclose your password to spy on you.

    `Who is your adversary?` - anyone who has access to the camera footage

    Use 2FA. Then it doesn't matter. OTOH, that's really only protection from shoulder surfers and skimmers (real and virtual); it does nothing to stop governments or people with resources who could compromise things on the server side, making whatever you do irrelevant. Also, it's really only a concern if a camera is set up specifically to watch people do a particular thing like enter ATM PINs. A normal surveillance camera 30' up a pole 100' away isn't going to be a lot of help in guessing your PIN.

    I'm starting to think that Android's random "you can't use fingerprint, must enter password now" was implemented specifically for those CCTVs to catch your password.

    *anyone who has access to the camera footage* Sorry, but that is overthinking stuff. I doubt that a random employee from a company managing city CCTV is interested in random you. So, again, **define your threat model**. You are currently getting answers that are all over the place because you did not do so.

  • schroeder (Correct answer, 3 years ago)

    Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.

    Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.

    And this is one reason why multi-factor authentication is so important; even if you know the password, you cannot use it without another factor.

    I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.

    So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras are just not a significant enough new factor to consider. Shoulder-surfing and keyloggers are a current risk.

    The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.

    I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.

    I think the new factor with cameras is the potential for scale through both wider passive capture and automation

    @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.

    @schroeder Why are you putting cameras in an office building? In Italy it's a crime to record employees in their workplace. You can put cameras *at the entrance*, but just recording an office room is illegal without any special motivation and the approval of the "Privacy regulator" for the city. This fixes the problem at the source. Obviously somebody else could try to put a hidden camera but that's true everywhere at any time.

    @Bakuriu I might humbly suggest that not everyone lives in Italy. Especially in cases where a company has sensitive info to protect, or high-value goods, further video surveillance may be warranted to minimize liability and risk.

    @DoktorJ That was an example. The point is: the number of situations when installing cameras to record employees at their computers **in an office** are extremely rare, since the office itself should be a physically controlled place. If you have outsiders/clients etc coming and going all the time that's not really "just an office" in my mind and poses different security requirements.

    @bakuriu the answer is simply that there was a business need and there were no barriers to doing it the way we did

    @schroeder High-res photos of fingerprints is why biometric identities should always be considered a _username_, not a password. After all, they are not secret.

    Somehow I doubt that Kanye's passcode would have actually been a barrier to an attacker capable of obtaining access to the phone... =)

    @Bakuriu but consider a retail situation: staff enter supervisor passwords (which CCTV operators shouldn't know), customers unlock devices to pay by NFC, etc. An office is only one environment

    *Shoulder-surfing is **one** reason why applications do not display the password text on the screen* (emphasis mine) - out of curiosity, do you know others? (maybe screenscating, as an afterthought)

    @WoJ I was thinking of screenscraping

    Yes, that was my thought as well - which would have been clearer if I could actually write correctly ("screenscating" in my comment was intended to be "screencasting" :))

    @schroeder wooow do you have a source easily accessible for that fingerprint-replica case? Googling found a few cases of someone making a mold with help of the phone's owner, but not from a photograph.

    I recall seeing a white paper about using a mobile device's accelerometer to collect data sufficient to recover keystrokes (on the same or another device sitting on a table, iirc). Here's an article I could find easily.

    I recall reading something about video taken from a window of a shiny object (like a teapot) being used to see what was typed and shown on a user's screen. I think this is theoretically possible using the reflections from glasses and possibly even eyes. The point being that the camera may not need to be behind you.
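Added example (not part of the original thread): the TOTP comment and the accepted answer's point about a second factor, shown as a sketch of why a password and one-time code read off camera footage cannot be replayed. The `Verifier` class, the sample password and the timestamps are constructed for illustration; the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server side: password plus TOTP, each code usable once."""
    def __init__(self, secret: bytes, password: str):
        self.secret, self.password = secret, password
        self.last_step = -1  # highest time step already accepted

    def login(self, password: str, code: str, now: int, drift: int = 1) -> bool:
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return False
        current = now // STEP
        for step in range(current - drift, current + drift + 1):
            if step <= self.last_step:
                continue  # this step's code was already used: replay rejected
            if hmac.compare_digest(code.encode(), totp(self.secret, step * STEP).encode()):
                self.last_step = step
                return True
        return False

def camera_replay_scenario() -> dict:
    secret = b"12345678901234567890"           # RFC 6238 test key
    server = Verifier(secret, "correct horse")  # constructed sample password
    t0 = 1_700_000_000                          # constructed login time
    seen = totp(secret, t0)                     # code visible in the footage
    return {
        "owner_login": server.login("correct horse", seen, t0),
        "replay_same_window": server.login("correct horse", seen, t0 + 5),
        "replay_later": server.login("correct horse", seen, t0 + 300),
        "password_only": server.login("correct horse", "", t0 + 5),
    }
```

The used-step tracking is what defeats a replay inside the same 30-second window; without it, only the expiry of the code protects the account.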

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM