что такое shoulder surfing attack
What is Shoulder Surfing? Tips to Prevent Shoulder Surfing Password Attacks
There are many different ways of stealing a password. You might think that all of them require technical knowledge or, at best, a computer that’s connected to the Internet. That’s not strictly true. With one technique, all you need to do to steal some pretty important information is a keen eye and a victim that isn’t paying attention.
Shoulder surfing, as you might have guessed already, is the name of this technique, and it comes from the fact that in its most basic form, it involves literally peering over the victim’s shoulder in order to obtain a password or another piece of sensitive data. There are other variations of the attack. Determined miscreants can steal passwords and other data from a significant distance as well with the help of binoculars or expensive filming equipment, for example, and in an especially James Bond-ish variant, the bad guys even make use of eye tracking technology to guess what your password is by examining which buttons on the on-screen keyboard you look at.
But how likely are you to be hit by a shoulder surfing attack exactly?
Every single person has their threat model, and this threat model is comprised of many different factors such as the person’s job, their financial status, and whether or not there are other people who want to harm them. The likelihood of being targeted by a shoulder surfing attack is largely dependent on your threat model. Let’s see some examples.
You may have heard of a certain Edward Snowden, a computer specialist that used to work for the NSA. Several years ago, he blew the proverbial whistle and embarrassed a few governments, which is why he currently resides in Russia. Many people in black suits would like to bring him back to the USA, and they wouldn’t mind having all his passwords as well. In other words, Mr. Snowden is very likely to be targeted by shoulder surfing attacks which is why, we can imagine that he doesn’t use public transport a lot. And when he was interviewed for a documentary called Citizenfour, he covered his head and laptop with a blanket when he entered his password, ensuring that nobody will see what he’s typing or looking at.
At the other end of the scale, you have Muriel – a 69-year old pensioner who has an old computer she hasn’t turned on in a while and a feature phone on a prepaid plan. It’s fair to say that she’s the last person the government would set up surveillance on, and even shoulder surfers looking for random victims won’t be that interested in her.
In all probability, your threat model sits somewhere in the middle between Edward Snowden and Muriel. Being an active internet user and having a PIN-protected bank card means that criminals can profit from your sensitive data, but at the same time, you are unlikely to be the target of large-scale operation carried out by people who refer to their colleagues by codenames. This means that while you probably don’t need a blanket every time you fire up your laptop, being wary of the danger is a good call.
What can you do to protect yourself from shoulder surfing attacks?
For a successful shoulder surfing attack, you need a small space with a lot of people crammed into it. The commuter trains and buses are an obvious choice and so is a queue at an ATM, but it can be basically any public place. It’s sometimes easier said than done, but you should be aware of your surroundings when there are many eyeballs around you.
Avoid entering your credit card details and filling out checkout pages when you’re in a public place, even if that means missing out on some tasty discounts. And if you absolutely must log in to your Facebook account while you’re on the train, take the time to look around and ensure that your fellow commuters aren’t overly curious. Using a strong password also helps because even if they see it, the crooks will have a hard time remembering it, and since most password managers enter passwords automatically, the attack will stop pretty much dead in its tracks if you use one.
It should be more common sense than wisdom, but when you’re at the ATM, cover your PIN while you’re entering it and try not to forget your card at the machine. In other words, be a bit more vigilant. After all, it’s your money that’s on the line.
Shoulder surfing isn’t the most widespread attack, especially when it comes to targeting regular users. The rewards you get from compromising random commuters on the train could be negligible, and at the same time, the risks of getting caught are not insignificant. With so many people having their smartphones seemingly glued to their hands, however, pulling off a successful attack doesn’t seem too hard. That’s why, regardless of whether you’re on your way to work or at an airport terminal, you need to keep your wits about you.
shoulder surfing
поиск с подглядыванием
Угроза безопасности, которая собирает информацию в местах с интенсивной деятельностью путем наблюдения за нажатием клавиш, чтения с экрана подвижного терминала или прослушивания звуков, исходящих от подвижного терминала (МСЭ-Т Х.1121).
[http://www.iks-media.ru/glossary/index.html?glossid=2400324]
Тематики
Смотреть что такое «shoulder surfing» в других словарях:
shoulder surfing — noun (informal) The practice of looking over the shoulder of a person who is entering a personal security code • • • Main Entry: ↑shoulder * * * ˈshoulder surfing 8 [shoulder surfing] noun … Useful english dictionary
Shoulder surfing — may refer to one of two things:* Shoulder surfing (computer security) * Shoulder surfing (surfing) … Wikipedia
shoulder surfing — pp. Stealing a computer password or access code by peeking over a person s shoulder while they type in the characters. shoulder surf v. shoulder surfer n. Example Citations: Telephone companies say they put a dent in this shoulder surfing by… … New words
shoulder surfing — The practice of looking over somebody s shoulder when they are using a computer, cash dispenser or other electronic device, in order to obtain personal information (identification, account number, password, etc.) is called shoulder surfing … English Idioms & idiomatic expressions
shoulder surfing — noun a) the use of direct observation, such as looking over someones shoulder at an ATM, in order to obtain information b) a technique in surfing requiring less skill See Also: shoulder surf, shoulder surfer … Wiktionary
shoulder surfing — /ˈʃoʊldə sɜfɪŋ/ (say shohlduh serfing) noun the practice of looking over someone s shoulder to see the PIN that they key into an ATM … Australian-English dictionary
Shoulder surfing (computer security) — In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone s shoulder, to get information. Shoulder surfing is particularly effective in crowded places because it s relatively easy to… … Wikipedia
Shoulder surfing (surfing) — In surfing, shoulder surfing refers to shoulder hopping. Shoulder hoppers do not take off on the critical part of the wave where there is a need for a high level of skill, but take off further down the line. They are often regarded as annoying by … Wikipedia
Surfing — This article is about stand up ocean surfing. For other uses, see Surfing (disambiguation). A surfer performing a late drop … Wikipedia
shoulder surfer — noun Someone who engages in shoulder surfing … Wiktionary
shoulder surf — verb To engage in shoulder surfing … Wiktionary
Что такое shoulder surfing attack
Shoulder surfing can lead to financial wipeout—yours.
What is shoulder surfing? Shoulder surfing occurs when someone watches over your shoulder to nab valuable information such as your password, ATM PIN, or credit card number, as you key it into an electronic device. When the snoop uses your information for financial gain, the activity becomes identity theft.
In this article, you’ll learn how shoulder surfers manage to steal information. You’ll also get tips on how to help keep yourself from becoming a victim.
Examples of shoulder surfing
That person in line standing behind you—you probably didn’t notice if it was a man or a woman—happened to be a shoulder surfer. As you bolted for the bus, your ATM left a message on screen for you: “Would you like to make another transaction?”
What happened? That person who was next in line hit the key “yes,” entered your PIN number and stole your money.
It’s easy to fall victim to shoulder surfing. Often, it happens when you’re distracted or in a rush. There’s a good chance you might be in a crowded, public place.
And guess what? A thief engaging in this low-tech crime might not even have to peer over your shoulder. Binoculars or a cell phone video camera—or even a keen ear—can capture information needed to pierce your finances.
Here are three other ways shoulder surfers might strike:
7 tips to help prevent shoulder surfing
Shoulder surfers prowl the borders of your personal space. Their goal is to notice without being noticed. Here’s how to help thwart them:
Practice smart habits and you can help prevent shoulder surfing from happening and leading to financial loss. Shoulder surfing is a dangerous sport, if you’re the victim.
Get LifeLock Identity Theft Protection 30 DAYS FREE*
Criminals can open new accounts, get payday loans, and even file tax returns in your name. There was a victim of identity theft every 3 seconds in 2019°, so don’t wait to get identity theft protection.
Start your protection now. It only takes minutes to enroll.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Start your protection,
enroll in minutes.
The LifeLock Brand is part of NortonLifeLock Inc. LifeLock identity theft protection is not available in all countries.
shoulder surfing
1 shoulder surfing
поиск с подглядыванием
Угроза безопасности, которая собирает информацию в местах с интенсивной деятельностью путем наблюдения за нажатием клавиш, чтения с экрана подвижного терминала или прослушивания звуков, исходящих от подвижного терминала (МСЭ-Т Х.1121).
[ http://www.iks-media.ru/glossary/index.html?glossid=2400324]
Тематики
2 shoulder surfing
См. также в других словарях:
shoulder surfing — noun (informal) The practice of looking over the shoulder of a person who is entering a personal security code • • • Main Entry: ↑shoulder * * * ˈshoulder surfing 8 [shoulder surfing] noun … Useful english dictionary
Shoulder surfing — may refer to one of two things:* Shoulder surfing (computer security) * Shoulder surfing (surfing) … Wikipedia
shoulder surfing — pp. Stealing a computer password or access code by peeking over a person s shoulder while they type in the characters. shoulder surf v. shoulder surfer n. Example Citations: Telephone companies say they put a dent in this shoulder surfing by… … New words
shoulder surfing — The practice of looking over somebody s shoulder when they are using a computer, cash dispenser or other electronic device, in order to obtain personal information (identification, account number, password, etc.) is called shoulder surfing … English Idioms & idiomatic expressions
shoulder surfing — noun a) the use of direct observation, such as looking over someones shoulder at an ATM, in order to obtain information b) a technique in surfing requiring less skill See Also: shoulder surf, shoulder surfer … Wiktionary
shoulder surfing — /ˈʃoʊldə sɜfɪŋ/ (say shohlduh serfing) noun the practice of looking over someone s shoulder to see the PIN that they key into an ATM … Australian-English dictionary
Shoulder surfing (computer security) — In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone s shoulder, to get information. Shoulder surfing is particularly effective in crowded places because it s relatively easy to… … Wikipedia
Shoulder surfing (surfing) — In surfing, shoulder surfing refers to shoulder hopping. Shoulder hoppers do not take off on the critical part of the wave where there is a need for a high level of skill, but take off further down the line. They are often regarded as annoying by … Wikipedia
Surfing — This article is about stand up ocean surfing. For other uses, see Surfing (disambiguation). A surfer performing a late drop … Wikipedia
shoulder surfer — noun Someone who engages in shoulder surfing … Wiktionary
shoulder surf — verb To engage in shoulder surfing … Wiktionary
The Secret
Security Wiki
Shoulder surfing is the term used to describe one person observing another person’s computer or mobile device screen and keyboard to obtain sensitive information. Direct observation can be done by simply looking over someone’s shoulder – hence shoulder surfing – or using binoculars, video cameras (hidden or visible), and other optical devices.
Typically the objective of shoulder surfing is to view and steal sensitive information like username and password combinations that can be later used to access a user’s account. Credit card numbers, personal identification numbers (PIN), sensitive personal information used in response to security questions (like middle name and birth date used for password recovery) are also targeted.
Shoulder surfing can be done by someone with malicious intent, in which case it can result in a security breach. Seeing a password or responses to security questions allows an attacker to access an account or reset a password. Shoulder surfing can also be done by a curious or nosy bystander, in which case it is simply an intrusion on privacy. Having your bank balances, paycheck, or medical history viewed by a nosy guy at the airport is considered by most to be unpleasant.
If you’ve ever had an IT person help you troubleshoot a problem on your PC or install a new app, then you might be familiar with the uneasy feeling when you’re asked to enter your password as the IT guy is looking at you doing this. This is shoulder surfing, only without the malicious intent.
Protecting against shoulder surfing is not always easy. Simple methods like adding a privacy screen protector can help limit the field of view to your screen, but it will not protect your keystrokes from being observed. More elaborate and expensive methods include gaze-based password entry, which makes it hard to observe password entry, but is very rare and used only in extraordinary situations.
Adding two-factor authentication will make it harder for an attacker to use stolen passwords or security questions but will not prevent shoulder surfing.
Passwordless authentication eliminates the use of passwords and therefore takes away the risk associated with stolen passwords altogether, including those stolen using the shoulder surfing technique. That said, it will not prevent shoulder surfing from stealing other sensitive data like responses to security questions or its unpleasant intrusions on privacy.