On Monday, HP announced it plans to introduce integrated display filters to improve laptop and tablet security. Unlike existing privacy screens that must be physically tacked onto a screen, HP’s new product actually integrates into the computer screen internally and works with the CPU and GPU to enable it to be turned on and off with the push of a button.
HP says the new technology will help prevent people around a user from stealing confidential information or reading a user’s screen, and could be handy on planes or in other public places where sensitive information could be seen, and stolen, by others. This type of “visual hacking” is an often-overlooked area of security. But according to John Groden, director for Elitebook products at HP, it’s a growing threat – so much so that HP is willing to invest significantly to help users prevent it.
Public places not the only concern
CIOs who do consider visual hacking threats often limit their concerns to highly mobile employees who frequent public areas. But the office may be an area of concern too. In February 2015, the Ponemon Institute conducted a visual hacking experiment on behalf of 3M and the Visual Privacy Advisory Council. Ponemon hired a computer security expert to play the role of a hacker. This pretend hacker was then given access to eight companies through a temporary worker badge.
Surprisingly, close to 90% of the attempts by the hacker to get sensitive corporate information through visual hacking (either by looking at material on workers' desks or computer screens) succeeded. The hacker was able to collect things like employee access and login credentials, customer information and even corporate financials. The hacker used techniques such as looking for information on desks and using his smartphone to take a picture of information displayed on computer screens.
Even more surprising, the hacker used these techniques in plain view of employees, not after hours or when employees were away. In fact, the expert was not stopped by employees 70% of the time.
Lessons learned
Some other surprising facts from the Ponemon study included the following:
- Visual hacking does not require much time – 45% of the successful hacks took place in less than 15 minutes.
- A significant volume of data can be gathered very quickly. An average of five pieces of information were visually hacked per trial, including employee contact lists (63%), customer information (42%) and employee access & login information/credentials (37%).
- Computer screens represented significant risk – 53% of sensitive information obtained was screen-based.
Tips for battling visual hacking
Mobile workers are likely the most vulnerable to visual hacking, so CIOs should make extra efforts to train them and ensure they are aware of the potential. But offices, particularly those that are frequently visited by contractors and other non-employees, also need to take precautions.
The good news is that visual security is relatively easy to address. Mandatory training and awareness, clean desk policies, document shredding and reporting of suspicious activity have all been shown to help reduce the potential for visual hacking. And of course privacy filters – especially those like HP’s that can be integrated into a computer screen rather than tacked on – can play a key role, too.