April 13, 2017

Mobile phone sensors can reveal your PIN

The World Wide Web Consortium (W3C) defines the standards on which pages on the Internet are based. One of these standards governs how JavaScript, i.e. web-based programs, can access smartphone sensors. At first glance this is handy: for example, Google Maps can see your current location, and browser-based games can be controlled by moving the phone. And there are a lot of sensors: inclination, acceleration and orientation sensors, and more than 20 others can be at work in a mobile phone, depending on the model. As the science portal "EurekAlert!" now writes, security researchers at Britain's Newcastle University have shown how the sensors can be misused: Maryam Mehrnezhad, Ehsan Toreini,

Sensors detect the smallest movements
The researchers examined several popular browsers on Android and iOS, analyzing what access rights JavaScript has to the sensor data. Then they used a test script (which, incidentally, is officially available on GitHub) to examine how sensor data can be correlated with PIN input, because a tap in the upper right of the display produces different phone movements than one in the lower left. These movements are far from easy to decipher: as the researchers describe in detail in an article, some users enter data with only one thumb, others with the index finger, and still others with several fingers. Nevertheless, with enough collected sensor data, the scientists were finally able to create a demo script,

When small risks add up
The researchers are aware that the vulnerability they discovered is still a small one: an attacker would have to get malicious code onto the victim's mobile phone and then get the victim to enter the PIN. And then some criminal in Asia or the US would have the PIN to unlock a phone that he would hardly ever get his hands on. So what? Unfortunately, the procedure, which the British researchers call "TouchSignature", is highly extensible. With a little more training data it can also record passwords, transfer TANs and the like, and it can be used to spy on the user's behavior: does he write a lot, or mostly read? Together with other data, an even more accurate personality profile can be compiled than before. "It's like a puzzle game," says Siamak Shahandashti, one of the authors of the study: "The more puzzle pieces you have, the clearer the picture." There is another aspect as well: smartphones and other smart devices contain a lot of sensors that their owners often do not know about. The data-collecting sensors work for us, right? But only until they are abused.

