Security researchers from Singapore’s Nanyang Technology University (NTU) have discovered, with 99.5% accuracy, the ability for hackers to unlock your Android device using its own internal sensors.
E
very new smartphone that is released has some additional sensor(s) to make the user’s experience more enjoyable. However, researchers have now discovered that these very sensors could potentially give hackers the passcode to your phone.When attempting to crack a phone that had one of the 50 most common PIN numbers, researchers said their method worked 99.5% of the time and could be used to guess all 10,000 possible combinations of 4-digit PINs. The researchers used six sensors to identify a smartphone’s 4-digit number sequence including the magnetometer, accelerometer, ambient light sensor, gyroscope, proximity sensor and barometer. “When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9, is very different. Likewise, pressing 1 with your right thumb will block more light than if you pressed 9,” lead researcher and NTU senior research scientist Dr. Shivam Bhasin said.
“While a malicious application may not be able to correctly guess a PIN immediately after installation, using machine learning, it could collect data from thousands of users over time from each of their phones to learn their PIN entry pattern and then launch an attack later when the success rate is much higher,” researchers noted.
Researchers have called for mobile OS providers to restrict access to the six vulnerable sensors in the future and give users to ability to choose to give permissions to trusted apps that require them. Users have also been advised to have longer PINs with more than four digits together with other security measures, such as two-factor authentication, one-time passwords, and facial or fingerprint recognition.