In a new study from Newcastle University in the U.K., researchers have shown how they can use motion sensors in your phone to determine your pin with surprising accuracy.
On the first try, they were able to crack a four-digit PIN with a 70% accuracy rate - with 100% success by the fifth try.
The study shows how every time you click, scroll, hold, or tap your device, it produces a unique orientation and range of motion.
“Depending on how we type – whether you hold your phone in one hand and use your thumb, or perhaps hold with one hand and type with the other, whether you touch or swipe - the device will tilt in a certain way and it’s quite easy to start to recognize tilt patterns associated with ‘Touch Signatures’ that we use regularly," explains Dr. Siamak Shahandashti, a co-author of the study.
Dr. Maryam Mehrnezhad, lead author of the paper, explains:
“Most smart phones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer. But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords."
She goes on further to explain that if you were to open a browser page on your phone or tablet that hackers had access to using these sensors, they could track personal details you type in by running malicious code.
In some cases, they can even access your phone and spy on you if these apps are left running, even if the screen is locked.
Mehrnezhad says, “We all clamor for the latest phone with the latest features and better user experience but because there is no uniform way of managing sensors across the industry they pose a real threat to our personal security." She adds, "It’s a battle between usability and security."
After the study was published, mobile browser companies such as Mozilla, Firefox, and Safari have worked to address some of the issues - but the problem is still ongoing.
To keep your personal information safe, make sure you're regularly changing your PINs and passwords, close background apps when you're no longer using them, and review the permissions your apps have on your phone.
