National KE-CIRT/CC Cybersecurity Best Practice Guide Of The Week
In This Issue:
How can you protect yourself from shoulder surfing?
What is shoulder surfing?
Is the social engineering technique used to obtain confidential data like credential and authentication information, bank account numbers and passwords, among others.
It can be done in either short range by snooping over ones’ shoulder or long range by using the electrical devices like CCTV cameras, smartwatches and handheld gadgets like smartphone, IPod, IPad Tablet among others.
The long range is facilitated by the technological advancements in digital devices like using camera zooming with HD live streaming to zoom in on a mobile user in a M-pesa outlet.
The collected information can be used while accessing your PC, online medical records, social media accounts, Bank accounts and Mobile money accounts like M-pesa Airtel money, and Mobile bank accounts if manage to swap or steal your credit card or phone respectively.
The effects of successful shoulder surfing can be?
1. Cleaning out of Bank accounts or Mobile money accounts like M-pesa.
2. Breach or loss of information.
3. Identity theft.
How can you protect yourself from Shoulder surfing?
To what measures are you willing to go?
1. Take precaution while entering confidential information or filling out forms in publics.
2. Use privacy filter or anti-glare screen on your computer of handheld devices i.e. smartphones.
3. Be aware of your surroundings. Don’t access confidential information in people’s presence.
4. Don’t access confidential information in crowded places unless unavoidable.
5. Strategically sit or stand with your device display out of sight of CCTV cameras, people, or reflecting backgrounds like glass windows or walls.
6. Shield your keypad by body shielding or hand capping.
7. Use biometric authentications where possible i.e. fingerprint ID or face ID.
8. Angle your device so that people can’t see what you’re doing.
9. Use a VPN when connecting to a public network.
Future Techniques to curb shoulder surfing.
There are two techniques to prevent shoulder surfing among other attacks that have been discovered and tested but are yet to be implemented due to their implementation costs.
1. EyePassword or Gaze tracking technique
- Originally designed for the disabled, the eye tracker tracks the users pupil and calculates which keys or buttons the user intents to input and interprets the information accordingly.
- This is applicable for ATMs, Smartphones and computers, currently MacBooks.
2. Illusion Pin (IPin)
- Applicable in touchscreen devices including touchscreen and laptops. It employs the use of Hybrid images to blend two keyboards with different digit ordering.
- The user sees one keyboard which he/she uses to enter the pin while the shoulder surfer sees the other keyboard.