It turns out that hackers could work out your mobile passcode by using data that you have no control over. Intrigued?
A study found that hackers could guess your phone PIN using sensor data. It uses instruments such as the accelerometer, which specifies when you turn your device horizontally or vertically. This kind of sensor data has the potential to be turned into a security vulnerability.
6 degrees of hackability
The results from the study show that data collected from 6 different sensors on your phone (accelerometer, gyroscope, magnetometer, proximity sensor, barometer, and ambient light sensor) could unlock Androids with nearly 100% accuracy with three attempts.
The team explained that the technique works based on phone movements and light reaching the screen. For instance, when you’re holding your phone and tap in the PIN number, the way the phone moves when you press 2, 6, or 8 is very different.
The algorithm used in the study was trained with data that was collected from three people, who each tapped in a random selection of four digit numbers. Relevant sensor reactions were recorded at the same time.
The test found different weightings of importance to each sensor. Whilst an application might not be able to guess a PIN number straight off, it could use machine learning to collect data from thousands of users over time and launch an attack in the future.
Mobile OS should really restrict access to the six sensors in the future, as they currently don’t require permissions for access to apps.
Could this access to phone information give away too much about a user’s behaviour, as well as leaking passwords? Let us know what you think in the comments.