Home / news / Your Phone's Gyroscope Could Reveal your PIN Code

Your Phone's Gyroscope Could Reveal your PIN Code

Why it matters to you

Turns out your ’s PIN is less secure than previously thought. Researchers demonstrated how to hack it with data.

It’s no secret that smartphone PIN codes are not perfect, but new research suggests they might be next to worthless. A team of scientists at Newcastle University in the U.K. was able to guess a user’s PIN with nothing more than data from the device’s sensors.

In a paper published in International Journal of Information security, researchers demonstrated how a phone’s — the sensor that tracks the rotation and orientation of your wrist — could be used to guess a four-digit PIN code with a high degree of accuracy. In one test, the team cracked a passcode with 70 percent accuracy. By the fifth attempt, the accuracy had gone up to 100 percent.

More: Security researchers expose Gmail smartphone hack

It takes a lot of data, to be sure. The Guardian notes users had to type 50 known PINs five times before the researchers’ algorithm learned how they held a phone when typing each particular number. But it highlights the danger of malicious apps that gain access to a device’s sensors without requesting permission.

“Most smartphones, tablets, and other wearables are now equipped with a multitude of sensors,” Dr. Maryam Mehrnezhad, a research fellow in the Newcastle University School of Computing Science and lead author on the paper, said. “But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data.”

The risk extends beyond PIN codes. In total, the team identified 25 different smartphone sensors which could expose compromising user information. Worse still, only a small number — such as the camera and GPS — ask the user’s permission before granting access to that data.

More: 60 minutes asked a security firm to hack an iPhone, and the result is disturbing

It’s precise enough to track behavior. Using an “orientation” and “motion trace” data, the researchers were able to determine what part of a web page a user was clicking on and what they were typing.

“It’s a bit like doing a jigsaw — the more pieces you put together, the easier it is to see the picture,” Dr. Siamak Shahandashti, a senior research associate in the School of Computing Science and co-author on the study, said.

Mehrenzhad said the team reached out to leading browser providers to alert them of the issue and that Mozilla and Safari have implemented fixes. But she said that researchers are still working with the industry to a better fix.

More: Top secret designs could be stolen from 3D printers using an ordinary smartphone

“We all clamor for the latest phone with the latest features and better user experience but because there is no uniform way of managing sensors across the industry, they pose a real threat to our personal security,” Mehrenzhad said. “It’s a battle between usability and security.”

Check Also

Kobo's New Aura H2O Can Survive a Dunk in the Pool

Why it matters to you If you’re in the market for an affordable, durable new …

Leave a Reply

Your email address will not be published. Required fields are marked *