Categories: Security

Hackers Can ‘Crack’ Your PIN By Exploiting Smartphone Sensor Data

Researchers at Newcastle University have suggested that hackers are able to steal PIN numbers simply by tracking the angle and motion of a user’s phone when he or she is typing.

By monitoring sensor data, which has grown massively as a result of the boom in mobile gaming and health and fitness apps over the last few years, criminals could potentially guess PINs to a surprising degree of accuracy.

The same is also true for malicious websites and installed apps, both of which are able to spy on users using the information collected by the plethora of motion sensors now commonly present in mobile devices.

Sensor threat

Amazingly, the research team was able to crack four-digit PINs with a 70 percent accuracy on the first guess and 100 percent accuracy by the fifth guess, highlighting the threats posed by internal sensors.

The majority of people have little idea of what the multiple sensors on modern smartphones – including the likes of an accelerometer, gyroscope, digital compass and proximity sensor – actually do, making them an interesting avenue for criminals to exploit.

“Most smartphones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors,” said Dr Maryam Mehrnezhad, a Research Fellow in the School of Computing Science at Newcastle University.

“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.

“More worrying, on some browsers, we found that if you open a page on your phone or tablet which hosts one of these malicious code and then open, for example, your online banking account without closing the previous tab, then they can spy on every personal detail you enter. And worse still, in some cases, unless you close them down completely, they can even spy on you when your phone is locked.”

The study found that each user action, such as clicking, scrolling or tapping, produces a unique orientation and motion, which can then be pieced together to determine where the user is clicking and what he or she is typing.

All the major browser providers have been informed, but no-one has yet been able to come up with a solution.

Quiz: The world of mobile apps

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

23 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

24 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago