Now here is a troubling discovery by experts at Newcastle University, who found thathackers can guess your passwords and PINs just from the way you tilt your smartphone while typing. The cyber experts revealed that technology companies already know about this problem, but they cannot figure out what to do about it.
The way you tilt a smartphone says a lot
Cyber experts at Newcastle University in the U.K. have disclosed how easily installed apps and malicious websites can spy on us by using only the information from the motion sensors in our mobile devices. Dr. Maryam Mehrnezhad, a research fellow at the School of Computing Science and the paper’s lead author, noted that most tablets, smartphones and other wearables are equipped with a multitude of sensors now.
Further, she said that mobile apps and websites do not require permission to access most of those sensors, which is why harmful programs can secretly “listen in” on a user’s sensor data. To find out passwords and PINs covertly, these malicious websites or installed apps use the information collected through numerous internal sensors.
“On some browsers we found that if you open a page on your phone or tablet which hosts one of these malicious codes and then open [another one], then they can spy on every personal detail you enter,” Dr. Mehrnezhad added. In some cases, if the user does not close the tabs completely, the hackers can spy on them when their phone is locked, the researcher said.
The researchers analyzed the movement of a mobile device as the keyboard was used. They found that everything users do, from scrolling to clicking or tapping, results in them holding their phone in a different way. They were able to figure out four-digit PINs with 70% accuracy on just the first try, and 100% by the fifth try, notes the BBC.
Your smartphone sensors could get you in trouble
The researchers said they were able to identify about 25 different sensors available on current smart devices. The researchers believe the lack of fixed standards for managing sensors in the tech industry poses a great threat to privacy, as these sensors collect immense amounts of data which can be of value to hackers.
“Despite the very real risks, when we asked people which sensors they were most concerned about we found a direct correlation between perceived risk and understanding. So people were far more concerned about the camera and GPS than they were about the silent sensors,” the researcher said.
The cyber experts have already told big technology companies like Apple and Google, about the risks of sensors. Their research has helped some browser developers such as Mozilla, Apple’s Safari, and Firefox to partially fix the issue, notes the Tribune. However, no one has come up with a complete solution yet.
The cyber expert’s team published their findings recently in the International Journal of Information Security. Now they are finding additional risks posed by fitness trackers that are connected to online profiles.