Smartphone sensors notorious for leaking user PINs and Password
Most smart phones, tables are equipped with numerous sensors that malicious programs can listen in and use it to discover sensitive information like phone call timing, PINs and passwords. PHOTO | FILE
What you need to know:
- Most smart phones, tablets are equipped with numerous sensors that malicious programs can use to 'listen in' to discover sensitive information like phone call timing, PINs and passwords
- The team identified 25 different sensors on most smart devices that reveal information about the device and its user.
- "Depending on how we type - whether you hold your phone in one hand and use your thumb, or perhaps hold with one hand and type with the other, whether you touch or swipe - the device will tilt in a certain way and it's quite easy to start to recognize tilt patterns.
PINs and passwords can be hacked just by the way we tilt our phone and type in the information a group of experts have said.
Cyber experts at Newcastle University who published their findings in the International Journal of Information Security demonstrated in their study how malicious website and third party apps installed on the phone can spy on the users from the smartphone's motion sensors that are now commonplace in smart devices enabling mobile gaming, health and fitness apps.
The report also found that people were unaware of these risks and had little understanding of the different sensors on their smart phones and what they did.
The report also showed how based on how a user held or even typed on their phone it was possible to crack four-digit PINs with a 70% accuracy on the first guess and 100% by fifth guess using data collected from the phones numerous internal sensors that can be accessed by most mobile apps and websites without asking the user's permission.
Only a small number of these such as the camera and GPS - ask the user's permission to access the device.
This creates a gateway that malicious programs can listen in and use it to discover sensitive information like phone call timing, PINs and passwords.
SEALING LOOPHOLES
The team identified 25 different sensors found on most smart devices that can reveal information about the device and its user.
The study found that each user touch action - clicking, scrolling, holding and tapping - induces a unique orientation and motion trace. So on a known webpage, the team were able to determine what part of the page the user was clicking on and what they were typing.
"Depending on how we type - whether you hold your phone in one hand and use your thumb, or perhaps hold with one hand and type with the other, whether you touch or swipe - the device will tilt in a certain way and it's quite easy to recognize tilt patterns associated with 'touch signatures' that we frquently use” explains Dr Siamak Shahandashti, a Senior Research Associate in the School of Computing Science and co-author on the study.
The team suggest some simple rules that you can use to safeguard your information which include;
• Change PINs and passwords regularly so malicious websites can't start to recognize a pattern.
• Close background apps when you are not using them and uninstall apps you no longer need
• Keep your phone operating system and installed apps up to date
• Install applications from approved app stores
• Audit the permissions that apps have on your phone
• Scrutinize the permission requested by apps before you install them and choose alternatives
The team has shared its findings with the major browsers some of whom have sealed the loopholes. Mozilla and Apple's Safari confirmed that they have partially fixed the problem.
