According to a study led by Indian-origin scientist Shivam Bhasin, NTU Senior Research, data from your smartphone's sensors can reveal PINs and passwords to hackers and allow them to unlock your mobile devices. Researchers from Nanyang Technological University (NTU) in Singapore used the sensors in a smartphone to model which number had been pressed by its user, based on how the phone was tilted and how much light was blocked by the thumb or fingers.
Instruments in smartphones such as the gyroscope and proximity sensor represent a potential security vulnerability, the researchers said.
Using machine learning algorithms and a combination of data gathered from six different sensors found in smartphones, the researchers succeeded in unlocking Android smartphones with 99.5 per cent precision within just three tries when the phone used one of the 50 most common PINs.
The team of specialists took Android phones and installed a custom application which gathered information from six sensors: accelerometer, gyroscope, magnetometer, proximity sensor, barometer, and ambient light sensor.
“When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9, is very different. Likewise, pressing 1 with your right thumb will block more light than if you pressed 9,” said Bhasin.
Although every individual enters the security PIN on their phone in a different way, the researchers demonstrated that success rates improved as data from more individuals was fed to the algorithm over time.
So while a malicious application may not be able to guess a PIN correctly immediately after installation, by using machine learning it could gather data from a huge number of users over time, from each of their phones, to learn their PIN entry patterns and then launch an attack later, when the success rate is substantially higher.
The study demonstrates how devices with apparently strong security can be attacked using a side channel, as sensor data could be diverted by malicious applications to spy on user behaviour and help to access PIN and password information, said Professor Gan Chee Lip from NTU.