A smartphone’s internal sensors may provide cybercriminals with enough information to be able to guess a user PINs and passwords, according to new research by Newcastle University in the UK.
Experts found that PINs and passwords could be deciphered relatively easily this way. Tests carried out by the university, for example, found that cybercriminals could work out a four-digit PIN with 70% accuracy on the first guess.
The authors of the paper, which was recently published in International Journal of Information Security, said this was troubling, more so because many people are unaware of the security risks associated with smartphone sensors.
Moreover, as to what sensors can actually do on a smartphone, the report found that users tend to have very little understanding about their capabilities.
Smartphone sensors vary considerably. They relate to GPS, to cameras and microphones, near-field communication and gyroscope. There can be as many as 25 different types on mobile devices.
“Because mobile apps and websites don’t need to ask permission to access most [sensors], malicious programs can covertly ‘listen in’ on your sensor data,” said lead author Dr Maryam Mehrnezhad, a research fellow in the School of Computing Science at Newcastle University.
She added: “[Cybercriminals] can use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.”
It’s not just smartphones that can reveal sensitive information – other connected and mobile devices, including wearable tech like personal fitness trackers and tablets.
by Narinder Purba, ESET We Live Security