In a real IoT digital world, in recent times, we are more about our personal information that is stored in smartphones. There is an urgent need to protect them from unauthorized access from other people. The first line of defense of a smartphone is its screen lock. Thus, many screen locking functions have been designated with a predefined objective of minimizing, if not eliminating the maximum chances of unauthorized access through attacks such as shoulder surfing.
This article provides an overview of the state review of research on non-biometric shoulder surfing moves screen locking methods with the objective to identify the techniques used by these methods in defending reports against shoulder surf attacks on the target.
How does a Shoulder Surfing Attack Works?
A shoulder surfing attack explains a situation when the attacker can physically view the devices screens and the password typing keypad to obtain personal information i.e. one of the group of attack methods requires the hacker (attacker) to be physically close to the victims for the attack to succeed and thus a few shoulder surfing attacks will occur with intruders virus malicious intentions or virus malware accessing it. Some similar might result from nosy to people, where it is more an invasion of our privacy.
Therefore it might be simply looking over the victim’s shoulder as the name suggests. Analyzing some hacking base, attackers will use binoculars, miniature video secrete cameras, or other optical technology based devices to spy on their victims. The aim is to get information such as usernames/IDs, passwords, personally beneficial or sensitive information, and credit card numbers to profit from it using Shoulder Surfing in Cyber Security.
Example:
- if we are using an ATM Card, someone positioned themselves in such a way that they are enabled to watch it when you enter your PIN. In a rush, you leave the ATM with your card and money without making sure it had exited entirely out of your accounts. If the ATM doesn’t require the card to be inserted for the all-over full transaction, other transactions are secured if you don’t confirm that you have any other transaction to make as long as the attacker knows your ATM PINs.
- This victim accidentally leaves their devices in public places and watches the victims as he enters their passwords encryption into their computers PC just moments before, the attacker can unlock the device or view it with this information, putting any frequent sensitive data on the computer at its own risk.
- When there is Crowded public in transmitting making the work it easy for attackers to see the devices screens of others or hear conversations of others. In this phase, they’re literally looking for an attack over the victim’s shoulder.
How to Prevent Shoulder Surfing Attacks:
The following are simple ways to protect yourself from shoulder surfing in a daily basis when entering or accessing personal secret data on a virtually protected device in daily life basis:
- Looking for an area of space free where your back is against a wall.
- Never give or share your password or any vital information to anyone.
- Spending more for a screen filter or protector to obscure the visibility of the displays.
- never share such open personal accounts in public local places.
- Locating a quiet spot away from the crowd.
- Password-less authentications can eliminate the usability of passwords.
- Adding two-factor authentication on your devices.
- When entering data on a mobile phone in public places, please sit with your back to the wall to protect yourself from any attack.
- Locking your own mobile or any devices whenever you leave them.