What Is Shoulder Surfing?
When you think of hacking, you may think of a stereotypical cyber criminal sat in their basement remotely attacking organisations and servers in order to gain unauthorised access to systems. However, this isn’t always the case as most people seem to overlook one very basic security concern, shoulder surfing!
Shoulder surfing is technically another form of hacking as it allows users to “gain unauthorised access to data in a system or a computer”… But not everyone treats it the same as a full-scale attack where one remotely forces their way to your data.
So what actually is shoulder surfing? The hint is in the name. It’s the act of hovering over someone’s shoulder whilst they are working on their computer. During this time, you may see what passwords that they enter, how their network is configured and what sensitive files they have on their computer.
You no longer need fancy, expensive keyloggers or to spend thousands on deploying malware on websites, you just have to watch over their shoulder and see what they type.
Shoulder surfers can use physical tools such as binoculars, video cameras and some vision-enhancing devices to help them spy on your computer from a further away distance.
How can you avoid shoulder surfers?
Although what I’m about to tell you seems very basic, these following tips are extremely effective, regardless of how obvious they may seem.
One way to negate a shoulder surfer would be to install a device on your screen called a privacy filter. Most people tend to think this is some form of program or software that is installed on your machine, but instead, it’s almost like a screen protector like you would apply to your phone.
Privacy filters are made out of polarized sheets of plastic which removes all screen visibility except from users that are sat straight on to the screen. All a shoulder surfer would see is a black screen, so rest assured they can only see your device if they’re sat in your place, which should be easy to spot.
If privacy filters aren’t for you, you should also be mindful to tilt your screen away from people next to you so they don’t have an easy line of sight to your content. You may also want to create a physical barrier such as folders, binders or any other object to negate line of sight.
Another useful tip is to avoid doing work in crowded areas. Try to refrain from doing work in cafes, airports, hotel lobbies and other very popular public spaces. All of these locations make you an easy target and makes the shoulder surfer much harder to spot.
Criminals like to watch you input passwords or follow your keystrokes when on a sensitive page. But how can you stop their eyes from tracking the credentials that you enter? One popular solution for storing passwords would be a password manager. Using one of those, you’ll no longer have to manually enter your password as the fields autocomplete themselves. Say goodbye to key watchers as you’ll no longer have to enter your information.
Always be under the assumption that you’re on camera. I’m not saying be paranoid in public all the time, but imagine that your every move whilst on a computer is being recorded. It’ll help you be more cautious with what you do on your machine to help negate shoulder surfers.
We would also recommend having some form of 2 Factor Authentication setup on all of your accounts. Therefore, if they do manage to spy on your password or login details, they’ll still need your mobile or another external device to approve the login.
In conclusion, shoulder surfers are extremely effective and a much cheaper method to gaining sensitive information. They can be very difficult to spot but are in fact easy to block if some of the above points are taken on board.
One report shows that new technology has progressed to the point that an optical illusion can be implemented into smartphone logins which can easily thwart the plans of a shoulder surfer.
The new technology claims that by manipulating spatial frequency and several images, they can trick people into seeing different images depending on your distance from the device. Therefore, you may see someone entering ‘1234’ as their pin, but as the app randomises the order for each login attempt plus the different image, you probably entered something completely different to what they think.
If you would like to find out more about how we can help secure your human firewall, you can register your interest here.