A study by Newcastle University claims that hackers can crack your password or PIN code based on the movement of your smartphone while typing. Weird as it may seem, the experts say that during the study, they’ve managed to crack four-digit PINs with 70% accuracy on the first try, and have them guessed by the fifth attempt, relying on nothing more than data collected from motion and orientation sensors. The scientific team also claims that tech companies are aware of the problem, but have no solution to it.
So, how is this possible? Well, apparently by secretly collecting data from the phone’s gyroscope.
Dr Maryam Mehrnezhad, lead of the Newcastle University study, says that this security flaw is caused by the fact that most “mobile apps and websites don’t need to ask permission to access most of the [sensors],” which allows “malicious programmes” to listen in and collect data from the sensors.
But how does it work, exactly? Well, in a similar way to how mouse tracking can be used to learn more about what you’re doing on your PC, the orientation sensors in your phone can be used to tell whether you are scrolling, long-pressing, or tapping your screen, and most worryingly perhaps, where you are tapping on the screen.
“On some browsers we found that if you open a page on your phone or tablet which hosts one of these malicious codes and then open [another one], then they can spy on every personal detail you enter,” says Dr Mehrnezhad. “And worse still, in some cases, unless you close them down completely, they can even spy on you when your phone is locked.”
And you were worried about the front-facing camera!
The Newcastle University scientific team has reported all its findings to major tech companies, but there hasn’t been any meaningful response so far.
Well, we guess the only logical (and sane) solution to the problem would be to become this guy: