Hackers Can Gather PINs and Other Data via Phone sensors

Prayank

Smartphone devices fitted with sensors such as gyroscopes, accelerometer, proximity and other such sensors are susceptible to attacks by hackers, a new research published in the International Journal of Information Security shows.

Pasi Mämmelä | Flickr

According to researchers at Newcastle University, hackers can use sensors on a smartphone to determine a lot of personal information about us like our whereabouts as well as gain access to sensitive information such as our financial details.

During the research, the team was able to circumvent the four digit PINs 70% of the times in the first attempt and 100% in the fifth, using the data collected via a phone’s onboard sensors.

“Because mobile apps and websites don’t need to ask permission to access most of the sensors, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even touch action, PINs and password,” Dr Maryam Mehrnezhad, the lead author on the research paper said.

The researchers also found that on some browsers, if the user has a page opened which hosts a malicious code and at the same time opens another page in a new tab — per se, bank account — then the hacker can even spy on details you enter.

“And worse still, in some cases, unless you close them down completely, they can even spy on you when your phone is locked,” he added.

Sensors are widely used in the smartphone industry in today’s date — with as many as 25 sensors present on a single device — and play a major role for the fitness and gaming apps right now and increasingly is also supporting Smart Home devices.

A number of these sensors do not seek permission from the user when an app is trying to access them. The researchers identified that using these sensors someone can easily figure out touch actions such as clicking, scrolling, holding and tapping.

The team were able to identify what page a user was clicking on and what they were typing too using this methodology.

The research’s findings led Mozilla Firefox and Apple Safari to come up with partial fixes for the problem, but in the meantime, the researchers have pointed out a number of ways to avoid being attacked here including changing your pin frequently and shutting unused apps from running in the background and uninstalling dormant apps too.

Also See
#hacking#sensor

Join the newsletter

Prayank

Written By

Prayank

Bike enthusiast, traveller, ManUtd follower, army brat, word-smith; Delhi University, Asian College of Journalism, Cardiff University alumnus; a journalist breathing tech these days.