Engineering news

Tilting your phone can allow hackers in

Parizad Mangi

The way you hold – and tilt – your smartphone and type on your touchpad could put you at risk of data hacking, say scientists.

 

Cyber experts at Newcastle University found that criminals use motion sensors in phones to track hand and finger movements to obtain users’ PINs and passwords.

The rise in the popularity of gaming and fitness apps has led to smartphones and other Internet of Things devices being equipped with as many as 25 sensors, from cameras to gyroscopes that track tapping, clicking and scrolling and are able to spot unique motion patterns. 

“Many of these sensors are used in apps without asking for permission from users,” Maryam Mehrnezhad, a cyber expert at the university, told PE. “This leaves the door open for hackers.” Cameras and GPS are usually the only sensors that ask for permission, she added.

The scientists warn that background apps and web pages could host malicious code able to access the motion sensors on your phone and obtain patterns that lead to your private information.

So apps should be closed when not in use. They also advise that PINs and passwords should be changed regularly, and operating systems and apps should always be updated. 

The researchers found that users were more concerned about being hacked through cameras, GPS and microphones on their devices than the rest of the sensors, so-called “silent sensors”. The study reports that users believed cameras could use face recognition to spy on them, or they might say their PIN out loud and the microphone could pick it up. 

However, the team found that risk levels for motion sensors are much higher. Such sensors can decipher four-digit PINs with 70% accuracy on the first guess and 100% by the fifth guess from just the tilting movements of devices. 

But not everyone is convinced by the research. “The amount of training required to even semi-reliably extract details doesn't make this sound like a terribly effective way to snoop on people,” said Graham Cluley, independent cyber security analyst. “If you really wanted to spy on someone, there are easier ways to do it than this.” 

The Newcastle team is confident the threat is there, though: it has even alerted tech giants such as Google and Apple and is “working closely with the industry to find a solution for this problem,” said Mehrnezhad. “It is a complex problem and we want to design a solution which keeps a good balance between security and usability.” 

That’s not the only cyber threat to our phones. Using public WiFi hotspots for shopping and banking transactions can also "lead to cybercriminals stealing your information," said David Emm, principal security researcher at cyber security company Kaspersky Lab. Emm advised using Virtual Private Networks (VPNs) in public places, which "create a personal, secure tunnel for each user and ensure that online activities stay private," as well as downloading a security app for your phone.

The researchers are now studying wearables, such as fitness trackers linked to online profiles, which could be used to decode the user’s wrist movements and other actions, to see what cyber security threats they pose. 

The researchers’ paper appears in the International Journal of Information Security.