Are your smartphone sensors making you vulnerable?

Updated on 12-Apr-2017
HIGHLIGHTS

Researchers from Newcastle University trained an artificial neural network to read PIN codes by exploiting the plethora of sensors in a smartphone.

Smartphones nowadays include a wide number of sensors — accelerometers, gyroscopes, proximity sensors and more. While all of these work in tandem to make a smartphone more versatile and entertaining, a team of researchers have seemingly found a way to exploit the information collated by smartphone sensors and crack security PINs. While many would overlook this as a possible one-off or a lengthy, tedious process that may not affect mainstream user security any time soon, what's alarming to note is that the researchers achieved all of this in a very easily exploitable process, and achieved striking accuracy of 74 percent in first-time PIN guesses.

Researchers from Newcastle University, UK used a javascript exploit delivered to the target smartphone via browser windows. Clicking on this link enabled a malicious code to run in the background and read the user's sensor data. This allowed them to detect repetitive PIN inputs, which further led to the researchers successfully guessing the security PINs accurately for 74 percent at the first attempt itself. The success ratio rose to a staggering 94 percent by the third attempt. This not only exposes sensitive data that you may have stored on your phone, but such sensor vulnerabilities may also be used by organisations to collect personal data. Maryam Mehrnezhad, a research fellow associated with the project, told Popular Science how monitoring smartphone sensor data could be secretly implemented by insurance companies to track your daily activities, which could then be used against an individual.

This is, however, not the first time that smartphone sensors are said to show a potential path for hackers to extract sensitive data from a smartphone. Last month, researchers at University of Michigan and University of South Carolina spoke of taking control of a phone's accelerometer by playing a malicious audio file, and even add fake steps to an activity tracker by taking over the device's accelerometer. While the addition of extra steps may not seem to be of grave consequences, it may actually lead to further significantly serious breaches (the role of insurance companies seem even more ominous here). Such hacking essentially allowed the researchers to use the hacked devices' software as a remote interface for controlling the devices.

When it comes to operating systems and browsers, the present research states that most browsers and operating systems showed exposure to this security risk. Apple's Safari browser would even allow the malicious code to remain active even after the smartphone was locked, and Apple has reportedly repealed the risk in its iOS 9.3 upgrade. Firefox has also seemingly updated its browser to rectify the flaw, while Google is apparently still working on ways to cover the risk.

As the researchers state, the risk will not be limited to smartphone, and extend to all objects smart, which are on a steady rise with the advent of IoT and smart cities. While we are reasonably safe right now, it certainly seems better to switch to safer biometric verification methods, as early as we can.

Souvik Das

The one that switches between BMWs and Harbour Line Second Class.

Connect On :