7

What are good methods of visually securing sensitive information that might appear on your screen from the outside world?

An example to illustrate my question would be the following:

You're sat in a coffee shop using WiFi to do some work. You want to be able to work without others potentially seeing or stealing information that may present on the screen or typed into the keyboard.

Given this scenario, what steps would you take to minimize as much as possible the likelihood of exposing or compromising your personal data from a visual perspective?

Rodrigo de Azevedo
  • 242
  • 2
  • 13
li x
  • 462
  • 4
  • 11
  • 5
    I’m afraid the best method is to not do sensitive work in a coffee shop. Only display sensitive information when in a space that you control. – Mike Scott Apr 17 '18 at 10:49
  • 2
    @MikeScott It's just an illustrative example, there are inevitably going to be times when you have to work around people who you might want to conceal data to. There has to be better methods than just don't do stuff around people. – li x Apr 17 '18 at 10:51
  • 1
    Try telling the NSA that there are “inevitably” going to be times when their staff have to work on sensitive information in a public place. I think you’ll find that it’s perfectly evitable. – Mike Scott Apr 17 '18 at 10:54
  • 3
    You could use a VR headset to read your data. You still wouldn't be able to type without the risk of being spied upon. A drawback is that it would be easier for thieves to steal your physical belongings. – S.L. Barth Apr 17 '18 at 11:05
  • @lix Thanks! Meanwhile, you'd have to be sure the VR headset has some protection against [TEMPEST](https://en.wikipedia.org/wiki/Tempest_(codename)) - it might leak emanations. Security is never easy, is it? – S.L. Barth Apr 17 '18 at 11:33

1 Answers1

10

This kind of attack is called shoulder surfing and it is a real problem. Hardly a day goes by where I do not see someone putting themselves at risk of this either on the train, a cafe or in various other public places. There are a number of countermeasures, most of which are as simple and basic as the attack itself.

Situational awareness

  • Beware of your surroundings, ensure that there are no cameras that can see your screen and keyboard inputs.

  • Ensure there are no reflective surfaces such as mirrors, windows or polished walls and tables that may reflect your screen or keyboard inputs.

  • Be aware of people around you. Can they see your screen? Do they have phones that can see your screen or keyboard inputs? (I’m often on the train with my mobile phone in my hand, I could easily record people on their laptops and play it back later to see what information I could obtain.)

Personal Security

  • Ensure you are not in a position where there is a high risk that someone may physically remove your device from you.

  • Beware that people are working in teams. I.e one person distracts you while the other steals from you or captures the contents of your screen with a camera.

  • Do not wear work badges or any other work branded apparel that reveals the organisation your work for.

  • Use privacy screens or a privacy enhanced display.

Inventive Solutions (No guarantee of practicality or feasible current technology.)

  • You could use a VR headset as S.L. Barth mentioned in the comments. This would increase the risk to personal safety, however as it will obstruct your vision.
  • You could use Augmented Reality headsets that will allow you to maintain vision, albeit this may be slightly obstructed. There is also a risk that an attacker could see what is being displayed on the AR headset.
  • You could use a special colour pallet on your screen which obfuscates what is being displayed unless viewed through glasses with a certain tint. (Something like this.)
  • You could use a blanket or a jacket to cover your screen when you are accessing anything sensitive. (See Edward Snowden.)
  • Or how about an invisibility cloak?*

*Currently only theoretical

schroeder
  • 123,438
  • 55
  • 284
  • 319
TheJulyPlot
  • 7,669
  • 6
  • 30
  • 44
  • 3
    You might want to take a look at computer screen privacy filters. Quite inexpensive, and they reduce the risk of other people seeing what you are working with. https://www.ebay.co.uk/b/Computer-Screen-Privacy-Filters/170597/bn_661669 – Bdrs Apr 17 '18 at 15:10
  • 2
    Another inventive solution, not invented by me - remove the necessary polarising filter from your LCD screen. That makes it only viewable with polarising glasses. Anyone looking directly at it would see a blank white screen. – bdsl Apr 17 '18 at 21:05