Fake pointers on your screen foil 'shoulder surfers'

EVER suspected somebody is stealing a glance at your screen as you log in to secure services like online banking in a public place? A blizzard of fake mouse pointers could foil such “shoulder surfers”.

Many online banking websites ask you to log in using your mouse and an on-screen keyboard, as these fool most keylogger viruses. The trouble is that a snooper can see exactly what buttons you press to enter your password. Alexander de Luca and colleagues at the University of Munich, Germany, decided to find a way to throw an attacker off the scent.

Their answer is to allow a user to call up an array of 16 different mouse pointers when the on-screen keyboard is active. Only one pointer is the one that you are actually controlling; the others appear to press keys at random to distract the snooper, says team member Emanuel von Zezschwitz.

In tests with 39 volunteers, they found a shoulder surfer was able to steal a password 90 per cent of the time without the fake pointers turned on. But when they used them, attackers succeeded only 5 per cent of the time with 16 fake pointers and 35 per cent with eight pointers. The work will be presented at a conference on computer interaction in Paris in April.

This article appeared in print under the headline “Fake pointers on your screen foil ‘shoulder surfers'”