Here’s an interesting piece of work being done by boffins at the Japan Science and Technology Agency (JST).
Many of us are aware of the problem of spyware, designed to snoop upon our computers, and steal files and data.
One common weapon in spyware’s arsenal is the ability to seize passwords by intercepting keypresses (known as keylogging) as users log into their email or access their online bank accounts.
Some banks have, of course, responded to this by producing virtual keyboards on their login pages which don’t require you to type a password, but instead let you choose the correct sequence of letters and numbers with your mouse.
Of course – as is seemingly always the way with the cybercrime arms race – motivated malware writers responded to this defence, and developed more sophisticated spyware which took screenshots or even a mini-movie in order to grab passwords.
And that’s what the Japanese researchers hope to have defeated with their new system. By having multiple cursors randomly moving across the screen, they hope it might make it nearly impossible for passwords to be captured by screen-capturing spyware or shoulder surfers.

Video: http://www.youtube.com/watch?v=9NmTPSgQjDs&rel=0&w=500&h=281
It’s certainly a fun video, and might make things tricky for a password thief looking over your shoulder – but would it really defeat cybercriminals?
If the Japanese system was widely adopted, is it not possible that – just as malware authors evolved their attacks to steal screenshots rather than just grab keypresses – malware would be developed which would interrogate the computer and ask for the co-ordinates of the mouse cursor?
A screenshot could then be taken with the real cursor’s location highlighted in red.
I hate to be a wet blanket, but I’m not convinced this fun research spells the end to password stealing.
What do you think of this research? Do you think it would be a good thing if online banks and others adopted it? Or is it just a bit of fun? Leave a comment with your thoughts below.