Security

Hackers Can Now Use Phone Sensors to Steal Your PIN Info

It seems as though there is always news about what new thing hackers are doing to steal your information. This time, they are using phone sensors to swipe your PIN info. Before you read any further, make sure you haven’t yet been affected by malware that could compromise your device. Click here to use Full Virus Scan to check your phone for security threats:

Full Virus Scan completely scans your Android smartphone and SD card from top to bottom, looking for any security threats. It’s the simplest way to make sure that malware hasn’t been installed on your device through a malicious app or link.

You already know that fingerprint locks can be faked, facial recognition can be tricked, and ATMs can be hacked. Now, it turns out that even the way you type your passcode into your Android smartphone can be used against you.

A new study published in the Journal of Information Security and Applications revealed that when you use the microphone, the camera, the GPS, the gyroscopes, and the accelerometers, — when you really look at it all as a whole — such detailed information can determine what a user is doing with his or her phone. This information can even decipher the password a smartphone owner is typing in to unlock it. Recognizing how your phone is tilted as you type in your password makes a pattern so distinct that your PIN can be easily determined.

All it takes for this to work is the installation of a bit of javascript into your Android cell phone. It pays attention to the motion and orientation of the sensors (remember, the GPS, microphone, etc. as mentioned above), to compromise your data. Yes, even while your phone is locked.

The co-author of the study, Dr. Maryam Mehrnezhad, shared a bit of insight on the Newcastle University blog: “We demonstrate the practicality of this attack by collecting data from real users and reporting high success rates, up to 70% identification of digits (PIN) in Android and 56% in iOS.”

That is no small number. It works because these sensors don’t need user permission to work. Once the code is installed on your phone, it can get to work. Think of all of the personal info you have stored inside accessible by your passwords. Hackers can then take your password from wherever you type it in: your email address, your social networks, and your bank account.

That’s why it’s vital to make sure you have an extra layer of protection like a virus and malware program. Also, try to utilize scheduled scans so you can feel assured the antivirus program is constantly checking your device.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.