Shoulder Surfing 2.0 presented at ekoparty 2013

by Federico Pacheco,

Summary : Getting a password never was a silver bullet try, and as an ethical hacker you may need to do it often. Despite there are a lot of technical ways to do it, like sniffing, bruteforcing, rainbow tables, keylogging or just guessing a secret question, there is an old non technical way that had no twists at all until these days: shoulder surfing. This research shows a new technique to guess a password, based on the old-school shoulder surfing, by using just a cellphone, a $1 gimmick, and a free software. Additionally, this work shows some funny data and stats about our way to type passwords in keyboards and cellphones.