
The threat of shoulder surfing should not be underestimated

Ira Winkler | Jan. 14, 2016
Users need to know that shoulder surfing is a serious concern, and companies need to also take other precautions, like investing in privacy filters, to secure users further.


Author note: This article does not intend to personally criticize the author in question. However, it will criticize the ideas and beliefs expressed in the column. It is also important to note that this article makes frequent use of the word “ignorant,” which is defined as unknowing. I believe the lack of understanding on the subject expressed in the column in question serves as a great lesson in the need for awareness on many physical security concerns, as well as the history of hacking.

Normally when I see a column I don’t agree with, I let it go. Highlighting something, whether for good or bad, brings more attention to it. However, I recently read an article criticizing security terms and tools in a way that trivializes significant security concerns. I believe it deserves to be set straight.

While the column, “Visual hacking is not hacking,” was listed as an opinion piece, as is this article, it can be considered a dangerous opinion if it ever gets traction. At the same time, the ignorance (defined as unknowing) serves to identify a critical area to consider regarding security and security awareness.

The column in question criticizes 3M’s use of the term “Visual Hacking,” which for lack of a better term is shoulder surfing. This is where you look at a computer or monitor, over someone’s shoulder, and watch what the person types, such as their passwords, or what is on their screen. There are incredibly naïve statements that if you are in the workplace, looking over someone’s shoulder is collaboration and teamwork. The column also says that only creepy people will look at your iPad while you are in the elevator, and that you shouldn’t be using your iPad in an elevator.

Let’s first examine the column’s criticism of the term “hack.” There is a fundamental misunderstanding of security. The article implies that the term is a computer term that has now been bastardized for non-computer related issues, such as “Life Hacks”. As a person who has been in the security field for decades, I’ve observed there is a gross lack of knowledge of the history of the hacking field.

The term “hack” was coined long before computers, and for computer purposes seems to have originated at MIT where computer hacking was iconic. Hacking is defined as a clever, benign, and ethical prank. The computer field essentially hijacked the term, as early “hackers” did so to bypass controls to make the computer more useful, or to overcome the lack of documentation. Claiming the term originated to define breaking into computers displays ignorance of the field. “Hack” has also been used as an expression in countless other settings, including golf, taxis, chopping, and horses, all of which can possibly lay claim to the origination of the term “hack” with regard to computers.

 
