Our previous post (and research) seemed to go by pretty silently initially and then suddenly was everywhere. Andy Greenberg wrote a piece over at Forbes which really does deserve special mention. Tech journalists so often sensationalize security stories that many security researchers are quite afraid to even talk them. I certainly was, but his piece was fair, balanced and covered all the interesting points. +1 to him.
The Forbes post was copied almost verbatim by a ton of other "news" sites on the 'net, but we beamed with some measure of geek pride at making the front page of Slashdot (and for featuring on the front page of Hacker News, The Unofficial Apple Weblog and HackADay).
- A surprising number of people reacted to the work (on slashdot, or other forums) with: "FAKE! The iPad Keyboard is not black!". One thread even went into detail about how this meant that the video is doctored (while others opined that the keyboard was on a non standard jailbroken iPad and therefore invalid). The video taken is on a standard iOS5 iPad and is exactly the same as the 4.X iPad (once complex passwords have been enabled).
- The folks at Politecnico di Milano did some previous work in this field, using computer vision to detect keyboards (on mobile devices) which magnify the alphabets on key-press. Their excellent paper covers their technique and impressive results. (One of the authors commented on several sites that covered the ShoulderPad post about their version working "without needing blue color detection" and also made the mistake of initially assuming our keyboard was non-standard. (Their attack targeted the normal keyboard whilst mines aimed at the Password keyboard).