Wednesday, December 3, 2014

Shoulder surfing

Shoulder surfing (computer security) 

In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. It is commonly used to obtain passwords, PINs, security codes, and similar data.

Occurrence
Shoulder surfing is particularly effective in crowded places because it is relatively easy to observe someone as they:
  • fill out a form
  • enter their PIN at an automated teller machine or a POS terminal
  • use a telephone card at a public payphone
  • enter a password at a cybercafe, a public or university library, or an airport kiosk
  • enter a code for a rented locker in a public place such as a swimming pool or airport
  • enter a PIN or password on their smartphone
Public transport is a particular area of concern.

Prevention
Some automated teller machines have a sophisticated display that discourages shoulder surfers from obtaining displayed information. It grows darker beyond a certain viewing angle, and the only way to tell what is displayed on the screen is to stand directly in front of it. Although this prevents an observer from obtaining some information, e.g. the account balance, it is generally not required to protect the PIN, because the PIN is typically not displayed during entry.
Certain models of credit card readers have a recessed keypad and employ a rubber shield that surrounds a significant part of the opening towards the keypad. This makes shoulder surfing significantly harder, because the keypad can be seen only from a much more direct angle than on previous models.

1 comment:

  1. Valuable information, Salama, about shoulder surfing. I liked most the prevention methods addressed; however, don't you think that educating people about the dangers of shoulder surfing and the protection techniques is the most effective prevention method overall?
