Attackers can guess our passcode “just from the way we tilt our phone”

If you are using PINs to keep your device safe, you can be in trouble.

Just yesterday we reported that fingerprint scanner on smartphones can be bypassed with the help of a new technique called MasterPrint. Now, hackers have developed a new way to figure out your smartphone’s passcode. You might be thinking that they can do this by using sophisticated methods or tools, but no! This is where you are wrong.

How does it work? A new study shows that hackers can simply determine your phone’s passcode watching your phone’s motion sensor – Cybersecurity researchers from the British Newcastle University showed that hackers could easily figure out the four digit PIN just by watching your hand’s movement and the way the phone is titled.

An experiment was conducted by the security researchers to support their claim, and the results were surprising. A neural network of data was used in the experiment and 70% of the times the team was able to determine the correct PIN in the very first try almost while the team cracked all the PINs within five tries.

Dr. Maryam Mehrnezhad, a Research Fellow in the School of Computing Science explains that “Most smartphones, tablets and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera, and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer. But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.”

Even more trouble:

Researchers also discovered that if a user opens a page on their smartphone or tablet which hosts one of these malicious codes and then open, for example, their online banking account without closing the previous tab, then they can spy on every personal detail they enter. In some cases, researchers also found that even if all the tabs are closed hackers can still spy on users even when the phone is locked. The hackers can do this because of a JavaScript exploit.

Some relief

Researchers have told all the major tech companies about these security flaws. Apple and Firefox have already dealt with it, while other Tech giants are still figuring out a way to cope with these vulnerabilities. Apple released an iOS update earlier this month to address the way Safari browser on iPhone handles Javascript pop-ups.

Related  Pokémon Go Exploitation Saga Continues; Beware of New Ransomware