A typical SmartPhone comes with a number of sensors, like microphone, camera, proximity sensors, fingerprint reader etc for better user experience and features. A high-end SmartPhone comes with additional sensors like magnetometers, barometers, thermometers and even sophisticated sensors like accelerometers and gyroscopes for motion detecting. But did you know that these smartphone sensors can lead to potential compromise of your personal data which includes sensitive information like passwords? This post explains about the security and privacy concerns of growing number of SmartPhone Sensors.
How SmartPhone Sensors can be leveraged to Hack Passwords.
According to the researchers, the PINlogger.js can be embedded in web pages as well as standalone apps which can be installed on user devices. The study was conducted on Chrome on an Android device (Nexus 5), involving 10 users, each entering all the 50 4-digit PINs for 5 times. It was able to guess the PIN 70% of the time at first try. On increasing the rate, 100% success rate was reached on the fifth try. These results are rather concerning as the PIN guessing and success rate is extremely high.
|Image credits: https://link.springer.com/article/10.1007/s10207-017-0369-x|
Should the users be worried about the SmartPhone Sensor monitoring attack?
Possible solutions against SmartPhone Sensor based attacks.
Since the vulnerability is due to the SmartPhone sensors being misused, one possible solution suggested by the researchers is to restrict permissions how these sensors are accessed by apps and websites. Other suggested solutions are: -
- Use longer PINs,
- Change PINs often,
- Check the app permissions before installation,
- Stop the apps from running in the background unless necessary.
- Adopt other methods of authentication.
Source & Technical Details : https://link.springer.com/article/10.1007/s10207-017-0369-x