Researchers out of Newcastle University in the UK claim that your phone’s sensors are giving away your passwords and pins. The researchers say the sensors could give malicious apps and websites plenty of data about you and your phone. The researchers were able to crack a four-digit PIN on the first try with 70% accuracy and 100% by the fifth attempt. The research team is now diving into the world of fitness trackers to see if they pose the same sort of vulnerability as your phone.
“Most smartphones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer.
“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.
“More worrying, on some browsers, we found that if you open a page on your phone or tablet which hosts one of these malicious code and then open, for example, your online banking account without closing the previous tab, then they can spy on every personal detail you enter.
“And worse still, in some cases, unless you close them down completely, they can even spy on you when your phone is locked.
“Despite the very real risks, when we asked people which sensors they were most concerned about we found a direct correlation between perceived risk and understanding. So people were far more concerned about the camera and GPS than they were about the silent sensors.”
The researchers say using these sensors to read the tilting, touch, and swiping habits is what can lead to data being taken through bad apps or websites. They also say the “major players” in the industry know about the security risk but there has been no solution to the problem.
The study found that each user touch action – clicking, scrolling, holding and tapping – induces a unique orientation and motion trace. So on a known webpage, the team were able to determine what part of the page the user was clicking on and what they were typing.
We’re hoping this study brings this issue front and center and moves industry leaders to work on a solution faster.
Last Updated on April 11, 2017.