Hackers Can Steal Your Smartphone's PIN Via Built-In Motion Sensors

[Lucian Armasu]

A team of researchers from the Newcastle University, UK, uncovered a new way an attacker could guess and steal smartphone users' PINs by taking advantage of all the motion sensors in modern smartphones.

Hackers Can Steal Your Smartphone's PIN Via Built-In Motion Sensors : Read more

 

[SteveRNG]

Or make the number layout of the PIN keypad vary. It requires people to remember the numbers and not the pattern but... you're welcome.

First time:
123
456
789
0

Second time:
148
029
356
7

Nth time:
503
429
716
8

 

[dstarr3]

Boy, hackers are so clever. I would say "If only they used their powers for good," but a lot of times, they do, like this instance. There are so many hackers out there doing their job for no other reason than exposing security exploits so they can be fixed.

 

[bloodroses]

Hackers are definitely clever. Luckily most do this without malicious intent, but their methods are used by others to do just that. In many cases, these exploits help keep companies like Google and Apple on their toes to ensure that their devices are safer since the companies more often than not don't foresee the potential problems themselves.
When it comes to the computer/electronics world, nothing is completely secure due to its very nature in itself.

 

[canadianvice]

Or make the number layout of the PIN keypad vary. It requires people to remember the numbers and not the pattern but... you're welcome.

First time:
123
456
789
0

Second time:
148
029
356
7

Nth time:
503
429
716
8

My thoughts exactly. A randomizing pin layout makes this whole business moot. However, most smartphones don't operate that way without custom software in my experience, so it's still a valid attack vector.

Personally, I don't do anything on my phone I'm not willing to have compromised, because they're just too damn easy to steal and while most of them are subhuman thugs, evidently there are a lot of hacking options too for those invested enough to try.

 

[erendofe]

add the effected sensors to the permission list when installing an app. after that its up to the user really.

 

[spdragoo]

http://www.techspot.com/news/68891-researchers-show-how-smartphone-motion-sensors-could-reveal.html

Just a little bit more information...they had to enter the same PIN 50 times before the system learned how you typed each digit. So you first have to get the malware onto your phone, then you have to type the PIN in enough times for it to start having a chance to recognize (i.e. 50 times before it has that 70% chance to guess).

And the ability for it to recognize the number is going to be affected by:
-- the location of the numbers (i.e. the placement of the numbers on my iPhone's lock screen <> the placement of the numbers on the "full" on-screen keyboard <> the placement of the numbers on the "number pad" on-screen keyboard)
-- how your phone is placed (i.e. sometimes I unlock my phone with the same hand that's holding it, sometimes I hold it in 1 hand while hitting the numbers with my other hand, & sometimes it's just lying on a flat surface when I hit the numbers)

 

[derekullo]

So the most secure place to use my phone is an environment with 0g?

Good luck capturing my phone's orientation there.

I ask this half serious / half sarcastic lol.

 

[Guest]

Or make the number layout of the PIN keypad vary. It requires people to remember the numbers and not the pattern but... you're welcome.

They already have this on many door locks (like the samsung shs-h700).

 

[acme64]

why would they need your pin when they already have access to the phone? thats like breaking in through a window to pick the lock...

 

[mrmez]

Or make the number layout of the PIN keypad vary. It requires people to remember the numbers and not the pattern but... you're welcome.

First time:
123
456
789
0

Second time:
148
029
356
7

Nth time:
503
429
716
8

That's a good short term solution that can be implemented immediately.
Exploiting this does seem like a long shot.

However, I'm still shocked to see how many people have NO lock on their phones, and a lot have these swipe patterns because.... typing is too hard. Seems people will give up security for the slightest convenience.

I still think Apple has the best solution with the fingerprint scanner. Nothing is foolproof obviously, and unlike other phones, there's no swiping your finger, just touch it. If I have any gripe, it's too fast and too accurate. I can't even wake my phone with a registered finger without unlocking it

 

[bloodroses]

Most phones have the finger print scanners now. My work Samsung Galaxy S6 and my home Moto Z Play both have it, although I don't bother (or cant due to work policy) to use the feature. With finger print scanners, sometimes they're quite finicky when it comes to reading the fingerprint.

The biggest issue though is it isn't that hard to lift a fingerprint from somewhere else on the phone, make a copy of it, and use it to get into the phone if a thief wanted to when your phone is stolen. It's actually easier to hack than the pattern method. For work, they make us use a normal passphrase password that requires an upper and lower case letter, a number, a special character, and is at least 8 characters in length because the other methods are not secure enough.

 

[lpedraja2002]

My LG G2 had an option for scrambling the pin layout everytime the phone was woken up. Something so logical and yet the moto maxx 1225 doesnt have it. LG has great features but the quality control sucks bolls.