One door closes, another opens. In the case of smartphones, the more we invest in tech that can make them secure, the more others find ways of hacking them easily. The latest proof on how vulnerable our phones really are comes from the U.K. Researchers at Newcastle University were able to find out a user’s PIN code by using one of its sensors’ data #securemagic
The team of scientists simply examined the phone’s gyroscope (the sensor that tracks the orientation of your hand and therefore, device) to guess a four-digit PIN. The experiment was a success, unfortunately; the accuracy rate grew from 70% at first attempt to 100% at the fifth one. Basically, the gyroscope can betray you at any moment.
To reach this result, though, the algorithm had to learn how a phone is held while typing a certain password. It appears that users typed 50 different PINs five times before it could associate an orientation and movement with a PIN, according to The Guardian. While an amateur doesn’t have the skill to do that yet, hackers can try to obtain PINs through malicious apps. These “can covertly ‘listen in’ on your sensor data” since they rarely demand express permission to access it.
The worst part is that the gyroscope isn’t the only vulnerable sensor to this type of attack. Scientists discovered 25 different sensors that could give up your data to strangers. This is due to the small number of sensors who need permission and ask for it before handling a task.
Oh, and if that wasn’t bad enough, you should know that once a hacker has “orientation” and “motion trace” data from your device, it can follow you online. This information reveals the web pages you have clicked and what typed online.
“Depending on how we type – whether you hold your phone in one hand and use your thumb, or perhaps hold with one hand and type with the other, whether you touch or swipe – the device will tilt in a certain way and it’s quite easy to start to recognize tilt patterns associated with ‘Touch Signatures’ that we use regularly.”, said Dr Siamak Shahandashti, a Senior Research Associate in the School of Computing Science and co-author on the study.
The serious threat to Internet users convinced the researchers to approach browser providers and warn them of the danger. Some of them – Mozilla, Firefox and Apple Safari – have partially fixed the problem, but for an ultimate solution, the Newcastle team is still working with industry.