11
ISSUES: Privacy
Chapter 1: What is privacy?
Hackers can guess your PIN just using the
motion sensor on your phone
It’s not just your PIN, passwords too.
By Tom White and Thomas Tamblyn
S
o here’s some worrying news:
hackers can actually find out
your PIN and passwords just by
analysing the way you tilt a phone in
your hand.
The revelation comes from cyber
experts at Newcastle University who
say they’ve developed a technique
which allows them to easily monitor
the motion sensors on smartphones
and tablets.
By detecting themovement of a device
while the keyboard is being used the
team say they were able to crack a
four-digit PIN with 70% accuracy on
the first guess and then with 100%
accuracy by the fifth.
Lead author Dr Maryam Mehrnezhad,
a research fellow in the School of
Computing Science, said: “Most
smartphones, tablets and other
wearables are now equipped with a
multitude of sensors, from the well-
known GPS, camera and microphone
to instruments such as the gyroscope,
rotation sensors and accelerometer.
“But because mobile apps and
websites don’t need to ask permission
to access most of them, malicious
programs can covertly ‘listen in’ on
your sensor data and use it to discover
a wide range of sensitive information
about you, such as phone call timing,
physical activities and even your touch
actions, PINs and passwords.”
Because there is no uniform way of
managing sensors across the industry,
the research points towards there
being a real threat to personal security.
Yet despite these findings the authors
believe that many of the major
companies involved have yet to find
a way to tackle this problem, even
though they’re fully aware that they
exist.
After publishing the findings today in
the
International Journal of Information
Security
, the team is now looking at
the additional risks posed by personal
fitness trackers which are linked to
online profiles.
Dr Mehrnezhad said: “More worryingly
on some browsers we found that if you
open a page on your phone or tablet
which hosts one of these malicious
codes and then open, for example,
your online banking account without
closing the previous tab, then they can
spy on every personal detail you enter.
“And worse still, in some cases, unless
you close them down completely, they
can even spy on you when your phone
is locked.
“Despite the very real risks, when we
asked people which sensors they were
most concerned about we found a
direct correlation between perceived
risk and understanding.
“So people were far more concerned
about the camera and GPS than they
were about the silent sensors.”
The team was able to identify 25
different sensors which came as
standard on most smart devices and
were used to give different information
about the device and its user.
The researchers found that each user
touch action – clicking, scrolling,
holding and tapping – induced a
unique orientation and motion trace
and so on a known webpage, the team
was able to determine what part of
the page the user was clicking on and
what they were typing.
They said they had alerted all themajor
browser providers such as Google and
Apple of the risks but so far no-one has
been able to come up with an answer.
Ö
Ö
The above information is reprinted
with kind permission from the
Press Association. Please visit
for
further information.
© Press Association 2017
