Sign up to our newsletter
The latest security news direct to your inbox
A futuristic app uses Google Glass to add an extra layer of privacy for users withdrawing cash from ATM machines – by displaying a one-time personal identification number (PIN) which only the Glass user can see. Even attackers armed with Google Glass can’t decode the PIN – and watching users enter a PIN is useless, as it changes each time.
The system, known as Ubic, and designed by staff at Saarland University and shown off at Germany’s CeBIT show, displays the PIN as a QR code readable only by that pair of Google Glass.
“Although the process occurs in public, nobody is able to spy on the PIN”, says Dominique Schröder, assistant professor of Cryptographic Algorithms at Saarland University.
The PIN is generated each time the Glass user approaches an ATM, so conventional methods such as spying on a PIN as it is typed in are also useless, according to Gizmag’s report.
“We know that you can use Google Glass to abuse data. But it can also be used to protect data,” Schröder says. The system is more secure than sending new PINs to smartphones, which can be spied on by attackers, according to Technocrazed’s report. Google Glass is expected to be available to consumers this year, according to Ubergizmo’s report
The system works using tried cryptographic methods, and is immune even from attackers wearing Google Glass themselves, the researchers say.
Standing in front of the ATM, “requests from a reliable instance the public key of the customer. It uses the key to encrypt the one-way personal identification number (PIN) and seals it additionally with a “digital signature”, the digital counterpart of the conventional signature,” the researchers say. This signature protects the PIN from being decoded by other Glass users, even if they are armed with a copy of the app.
“The result shows up on the screen as a black-and-white pattern, a so-called QR code,” the researchers write. “The PIN that is hidden below is only visible for the identified wearer of the glasses. Google Glass decrypts it and shows it in the wearer’s field of vision.”
Author Rob Waugh, We Live Security