The data collected from different sensors on your smartphone can reveal PINs and passwords to hackers and allow them to unlock your mobile devices, researchers at the Nanyang Technological University, Singapore, announced on Tuesday (Dec 26). This, they said, highlights a “significant flaw” in smartphone security, as the sensors within the phones require no permissions to be given by the phone user and are openly available for all apps to access.
While a malicious application may not be able to correctly guess a PIN immediately after installation, it could collect data from thousands of users' phones over time and use machine learning to learn their PIN entry patterns.
According to their study published in the Cryptology ePrint Archive, using a combination of information gathered from six different sensors found in smartphones and machine learning and deep learning algorithms, the researchers succeeded in unlocking Android smartphones with 99.5 percent accuracy within only three tries, when tackling a phone that had one of the 50 most common PIN numbers.
Led by Indian-origin NTU senior research scientist Shivam Bhasin, the researchers used sensors in a smartphone to model which number had been pressed by its user, based on how the phone was tilted and how much light was blocked by the thumb or fingers.
The team of researchers took Android phones and installed a custom application which collected data from six sensors: accelerometer, gyroscope, magnetometer, proximity sensor, barometer and ambient light sensor. “When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5 or 9, is very different. Likewise, pressing 1 with your right thumb will block more light than if you pressed 9,” Bhasin said.
The previous best phone-cracking success rate was 74 percent for the 50 most common PIN numbers, but NTU’s technique can be used to guess all 10,000 possible combinations of four-digit PINs.