Your PIN has been Pwned

Written by:
Lucie Sadler
Date Posted:
12 January 2018

Mobile phone passcodes are probably fairly easy to guess, given that there are only 10 numbers to choose from.

It turns out that hackers could work out your mobile passcode by using data that you have no control over. Intrigued?

A study found that hackers could guess your phone PIN using sensor data. The technique relies on instruments such as the accelerometer, which registers when you turn your device horizontally or vertically. This kind of sensor data has the potential to be turned into a security vulnerability.

6 degrees of hackability
The results from the study show that data collected from 6 different sensors on your phone (accelerometer, gyroscope, magnetometer, proximity sensor, barometer, and ambient light sensor) could be used to unlock Android phones with nearly 100% accuracy within three attempts.

The team explained that the technique works based on phone movements and light reaching the screen. For instance, when you’re holding your phone and tap in the PIN number, the way the phone moves when you press 2, 6, or 8 is very different.

Sensor reactions
The algorithm used in the study was trained with data collected from three people, who each tapped in a random selection of four-digit numbers. The relevant sensor reactions were recorded at the same time.

The test found that each sensor carried a different weighting of importance. Whilst an application might not be able to guess a PIN number straight off, it could use machine learning to collect data from thousands of users over time and launch an attack in the future.

Mobile operating systems should really restrict access to the six sensors in the future, as apps currently don’t require permission to access them.

Could this access to phone information give away too much about a user’s behaviour, as well as leaking passwords? Let us know what you think in the comments.
