Issue 001

Public‑Space Credential Theft in 2025: AI‑Boosted Shoulder Surfing

Low‑tech spying just got a high‑tech upgrade. Off‑the‑shelf cameras + on‑device AI can extract passwords, MFA codes, and sensitive data from screens in airports, cafés, and co‑working spaces — in seconds.

By Aurelie Cordero · October 28, 2025 · 6‑min read

What’s happening

Attackers can discreetly record your screen or keyboard from a short distance (or use a compromised app to read screenshots) and run computer vision/OCR models to recover credentials and session data. This blends classic shoulder‑surfing with modern AI, making it faster, more accurate, and harder to notice.

Why it matters

  • Speed: AI turns blurry video into text quickly — one short clip can expose a password or a 6‑digit MFA code.
  • Scale: A single attacker can capture many victims in crowded venues.
  • Bigger blast radius: Stolen passwords often unlock email, cloud, and finance apps.

How the attack works

  1. Hidden or handheld camera records your screen/keyboard for a few seconds.
  2. Frames are processed with OCR and keystroke‑inference models; overlays (like SMS codes) are detected.
  3. Credentials are tested immediately over public Wi‑Fi; if MFA is enabled, attackers time the replay.

What to do (now)

  • Use a password manager + autofill. Avoid typing secrets in public.
  • Prefer app‑based MFA or hardware keys. Avoid SMS codes in public venues.
  • Angle + shield. Use a privacy filter and sit with your back to a wall.
  • Lock screens fast. Short auto‑lock; disable lock‑screen previews for codes.
  • Update iOS & apps. Remove unknown device profiles; avoid sideloaded apps.
  • Zero‑trust your session. If you had to type a password in public, rotate it later.
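The timed‑replay step above (step 3 under "How the attack works") and the advice to prefer app‑based MFA both hinge on one server‑side detail: a one‑time code must really be one‑time. RFC 6238 requires that a TOTP code which has already been accepted is never accepted again. The following Python is an added example written for this issue, not code from the newsletter or from any product it mentions; it implements a standard TOTP verifier with a small clock‑skew window and a per‑user "last accepted step" record so a captured code cannot be replayed after the legitimate login. The `DEMO_SECRET` value and the `TotpVerifier` class name are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed 20-byte shared secret for the demo; a real deployment provisions
# a random per-user secret at enrolment.
DEMO_SECRET = b"constructed-secret!!"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(secret, int(at_time) // step, digits)


class TotpVerifier:
    """Verifies TOTP codes and rejects replays of any already-accepted step."""

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1):
        self.secret = secret
        self.step = step
        self.skew = skew            # accept +/- this many steps of clock drift
        self.last_step_used = {}    # user -> highest time step already accepted

    def verify(self, user: str, code: str, now: float) -> bool:
        current = int(now) // self.step
        for candidate in range(current - self.skew, current + self.skew + 1):
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                # Replay protection: a step at or before the last accepted one
                # is refused even though the code itself is still "valid".
                if candidate <= self.last_step_used.get(user, -1):
                    return False
                self.last_step_used[user] = candidate
                return True
        return False


if __name__ == "__main__":
    v = TotpVerifier(DEMO_SECRET)
    t = 1_700_000_000
    code = totp(DEMO_SECRET, t)
    print("first use:", v.verify("alice", code, t))        # True
    print("replay 5s later:", v.verify("alice", code, t + 5))   # False
    print("200s later:", v.verify("alice", code, t + 200))      # False (expired)
```

Two caveats for anyone wiring this into a login service. First, the replay record must live in shared, persistent storage (a database row or cache entry per user), not in process memory, or a second login server will happily accept the reused code. Second, single‑use enforcement only closes the window after the victim has logged in; a code read off a screen before the victim submits it is still usable once, which is why the issue's stronger recommendation is a hardware key, where there is no human‑readable code to capture at all.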

Shareable summary

“AI makes shoulder‑surfing faster and stealthier. Use password managers and app‑based MFA, shield your screen, and rotate credentials if exposed.”
