Categories: Security

Smartphones ‘Can Be Unlocked’ Using Covert Sensor Data

Researchers in Singapore have demonstrated a machine learning technique that could allow hackers to accurately determine a smartphone’s access code in three guesses, based on information collected from the device’s sensors.

The Nanyang Technological University (NTU) study collected data from six Android smartphone sensors as three users entered a set of 70 randomly selected, four-digit passcodes, and used a machine-learning algorithm to analyse how the phone tilted or how much light was blocked by the user’s hand as each digit was pressed.

The system was able to unlock an Android smartphone with a 99.5 percent accuracy rate in only three tries, when used on a phone that was protected using one of the 50 most common four-digit access codes.

Researchers said the system could be expanded to work on all the possible combinations of four-digit numbers.

Sensor spying

Their study is similar to one published by Newcastle University last year, which achieved 70 percent accuracy on the first try, rising to 100 percent in five guesses.

In both cases, researchers collected data from phone sensors, with the NTU Singapore study using information from the phone’s accelerometer, gyroscope, magnetometer, proximity sensor, barometer, and ambient light sensor.

“When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9, is very different,” stated Dr. Shivam Bhasin, who worked on the 10-month project with David Berend and Dr. Bernhard Jungk.

Both studies highlight the way seemingly unimportant sensor information can be used to crack even critical security protections.

The sensors used in the NTU study require no permissions to be granted to an app by a phone’s user and as such are available to any mobile software.

[poll id=”125″

Automated PIN cracking

As a result, the researchers said a malicious app could conceivably be built that could collect code-entry data from thousands of users over a period of time and analyse it to the point of being able to reliably crack the code protecting any given handset.

NTU urged phone makers to place more restrictions on how apps can access sensor data.

“Along with the potential for leaking passwords, we are concerned that access to phone sensor information could reveal far too much about a user’s behaviour,” stated NTU professor Gan Chee Lip.

Researchers also recommended the use of passcodes with more than four digits and extra protective measures such as fingerprint sensors, two-factor authentication or one-time passwords.

Put your knowledge of artificial intelligence (AI) to the test. Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Malicious Online Ad Campaign Steals User Logins

'Magnat' malicious advertising campaign uncovered by Cisco Talos has been stealing login credentials and other…

22 hours ago

Waymo, Nuro Launch Robo-Delivery Services In California

Cruise starts robo-delivery service in Mountain View as Waymo plans limited trial of grocery-delivery service…

23 hours ago

NSO Spyware ‘Used To Hack US Diplomats’

Apple alerts employees of US State Department of hacking by NSO Group's controversial Pegasus spyware…

23 hours ago

Starlink Plans Services In India As SpaceX Breaks Launch Record

Starlink to apply for commercial licence to provide satellite broadband services in India, as parent…

24 hours ago

Musk Tesla Share Sale Surpasses $10bn

Elon Musk's Tesla share sell-off surpasses $10 billion as it reaches into fourth consecutive week,…

1 day ago

Uber To Pay $9m Settlement Over Safety Reporting Failure

Uber agrees to pay $9 million to settle dispute with California regulators over its failure…

1 day ago