Visual Hacking: The Eyes Have It

Written by

A decade or so ago, I was sitting on a train in the UK working on my laptop, as I often did in those days (and was indeed expected to do). How else do you manage the unpleasant combination of an overweight workload and too many meetings in distant cities?

(When I first started in that particular job, I was actually permitted to travel first class so that I could work with reasonable comfort and privacy, but later that privilege was withdrawn.  The expectation that I'd use my travel time productively remained, however.)

Since I'd been working in security management for quite a few years by then, I was well aware of the issues around eavesdropping and shoulder surfing—I'd been writing about them for years. I wasn't going to work on anything top secret in a far-too-cosy railway carriage, and in any case I didn't work directly with sensitive data.

Still, I was mildly surprised when the guy next to me started to give me advice. Not on being careless with my email. He wanted to tell me what the political football that was paying my mortgage at that time should be doing about whatever I was reading. I guess I was surprised mostly because personally, I wouldn't even sneak a read of my neighbour's newspaper, let alone his or her email. And if I did, I'd at least have the grace to pretend I wasn't eavesdropping.

Not that it really mattered: even if I had been dealing with an important policy issue (or something even more sensitive) it's unlikely that I'd have found myself next to an agent of SPECTRE on a crack-of-dawn train from Shrewsbury to Birmingham.

Much more recently, I was much entertained by an article in The Register by Simon Sharwood that tells us You can hack a PC just by looking at it, say 3M and HP – Thankfully these plastic shields stop data penetrating the retina-consciousness interface. Hyping a potential (if fairly obvious) threat (and your own projected solution) by giving it a catchy name—though the term visual hacking has actually been used for quite a while—probably deserves a little satire.

However, satire (or even sarcasm) shouldn't deflect us from the facts. There is a clear problem here: people do read other people’s laptop/tablet screens, even if they rarely turn out to be professional spies (or reporters, sometimes much the same thing). There are, of course, stick-on privacy screens, and I did get one for the laptop supplied for my next job. Just as well, really, as that was the point where I started spending time at conferences in places even more exotic than Birmingham.

Even though I have more faith in my fellow anti-malware researchers than I do in strangers on a train, I'm fairly sure that the company I was working for at that point wouldn't want me to leave the contents of my laptop exposed to the competition.

I must admit that stick-on privacy screens do work, but they can also be a pain to use, for a number of reasons, mostly to do with the difficulty of keeping them clean, the way they make screens less readable for the tired old eyes of tired old researchers, and the way in which they tend not to stick very effectively.

Sharwood suggests that 'some 3M plastic will be fused onto future HP lappies', offering the opportunity for some amusing speculation about the impact on sociable screen-viewing in the office. However, while I have no privileged information on the HP/3M plans, I think the technology has to be a bit more interesting than that. Even The Register article says that this is an ‘on-demand privacy solution’, which suggests that the privacy function can be enabled/disabled at will. An article for Betanews by Brian Fagioli actually says it will be activated by ‘an on/off button’.

I suspect that rather than simply making the whole screen less readable, the technology will focus on a switchable way of reducing the effective viewing angle of the screen so that it can only be viewed properly by someone looking at it from the front. I also suspect that it will be seen (initially, anyway) on higher-end machines, rather than constituting an instant attack on communal enjoyment of YouTube movies in the workplace. 

What’s hot on Infosecurity Magazine?