Researchers show how a smartphone's motion sensors could reveal sensitive information...

midian182

Posts: 6,672   +59
Staff member

It seems the smarter phones get, the more ways there are to compromise them. New research shows that hackers could potentially steal a mobile device’s pin number and other data just by monitoring the way a device tilts as a user types.

A paper published by a team of researchers from Newcastle University in the UK reveals how they could guess a four-digit pin with 70 percent accuracy at the first attempt by using data taken from a phone’s gyroscope. By the fifth attempt, the accuracy had gone up to 100 percent.

The danger comes from the way malicious websites and apps can access a device’s sensors without requesting permission, taking what appears to innocuous data and using it for nefarious purposes.

“Most smartphones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, rotation sensors and accelerometer,” said Dr. Maryam Mehrnezhad, the paper’s lead researcher.

“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you, such as phone call timing, physical activities and even your touch actions, pins and passwords.”

The Guardian notes that there is a caveat with the system: it takes a lot of data before someone can guess a pin number. Users had to type 50 known pins, five times over, before it learned how they held a phone when typing each particular number.

The team identified 25 different sensors, which appear on most smartphones, that could give away information. Only a small number of these ask user permission to access the device. The researchers were even able to use the data to determine where someone was tapping and what they were typing on a mobile webpage.

Mehrnezhad says the team has been in touch with leading browser providers to alert them of the issue, and while some - Mozilla, Firefox, and Safari – have partially fixed the problem, the researchers are still working with the industry to find an ultimate solution.

Permalink to story.

 

GreenNova343

Posts: 441   +330
I'm guessing it would also vary depending on how you're holding the phone. Sometimes I type in the PIN with the same hand that I'm holding the phone in, other times I'm holding the phone in 1 hand & typing the PIN in the other, & even some times I have the phone laying on a flat surface when I type in the PIN. I'm sure that the motions for each number differ significantly in each situation.
 

Makson

Posts: 115   +26
The people who write or say "PIN number" are not at all smart, PERSONAL IDENTIFICATION NUMBER number is incorrect.
The same happens when people say or write ATM machine, AUTOMATIC TELLER MACHINE machine, and they must be the same people who say or write FREE GIFT, a gift IS free, isn't it?