Feeds

Japanese password protector floods screen with hoax cursors

Password peepers foiled by camouflaged cursor

Securing Web Applications Made Simple and Scalable

Japanese boffins have demonstrated a rather nifty way of preventing online password theft by screen capture and shoulder surfing – flood the screen with a barrage of dummy cursors.

Researchers at the government backed Japan Science and Technology (JST) Agency showed off the rather unusual approach to preventing fraud to local tech vid site DigInfoTV.

The technique works by camouflaging the user’s cursor so anyone looking over their shoulder or remotely taking screen grabs of the page will not be able to detect which keys on the software keyboard are being chosen.

The dummy cursors are designed to move in a random fashion across the screen to make it even more difficult to spot the real one, although apparently they need to number around 20 before detection rates drop to low enough levels.

"At first sight, it looks as if the user, too, will get confused which cursor is real,” said Keita Watanabe of the JST’s Igarashi Design Interface Project.

“But when you try this system, it's surprisingly easy to understand which one is your cursor. Observers though, don't know which cursor you're using.”

The project, part of the JST’s long running research program Exploratory Research for Advanced Technology (ERATO), has also been working on designs for circular software keyboards to fool password peepers.

The SymmetricCursors system also uses dummy cursors to hide the movement of the real one, but with each moving at the same speed around a clock-face keyboard it becomes even more difficult to obtain the user’s PIN.

The researchers will be looking to spin out other security applications based on this technology but first need to “find out more about how people recognise their cursor”, by studying eye-tracker and functional magnetic resonance imaging (fMRI) tests, Watanabe claimed. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.