New vulnerability exposed for smartphones

Posted Dec 31, 2017 by Tim Sandle
Hackers can easily guess your phone PIN using its sensor data, according to new research into mobile device security vulnerabilities from Nanyang Technological University.
A person browsing the Internet on a Windows Phone smartphone
A person browsing the Internet on a Windows Phone smartphone
Photo Mix / Pexels
The researchers have discovered that instruments contained within smart phones like the accelerometer, gyroscope and proximity sensors, each represent a potential security vulnerability to a would-be hacker.
According to International Business Times, the Singapore-based researchers gathered data gathered by six sensors on Android smartphones and ran this information through machine-learning and deep learning algorithms. Once completed, the computer scientists successfully unlocked each device tested with 99.5 percent accuracy. Typically three or fewer attempts were required.
It was noted, in terms of overall protection, that the smartphones generally were locked the most commonly used 50 PIN combinations. The hacking success rate decreased to 83.7 percent when the scientists attempted to guess all 10,000 possible combinations of four-digit PINs, within 20 tries.
Lead researcher Dr Shivam Bhasin said in a statement: "Along with the potential for leaking passwords, we are concerned that access to phone sensor information could reveal far too much about a user's behavior. This has significant privacy implications that both individuals and enterprises should pay urgent attention to."
The weaknesses with mobile devices has been reported to the journal Cryptology ePrint Archive. The research paper is titled "There Goes Your PIN Exploiting Smartphone Sensor Fusion Under Single and Cross User Setting."
To secure devices, Dr Bhasin suggested people opt to have PINs with more than four digits; plus the use of one-time passwords, two-factor authentications, and fingerprint or facial recognition as additional authentication methods.
In related news, U.S. researchers managed to collect data from a smartphone’s sensors in order to infer a user’s geographical location. This was achieved multiple times without asking the user's permission to access the smartphone’s GPS tracking component.