PINlogger: JavaScript tool to Hack Passwords Just By monitoring SmartPhone Sensors

SmartPhone motion sensors can be used to hack PINs, passwords and other sensitive info from users with a JavaScript tool called PINlogger.

SmartPhone Sensor Hack

A typical SmartPhone comes with a number of sensors, such as a microphone, camera, proximity sensors and a fingerprint reader, for a better user experience and more features. A high-end SmartPhone comes with additional sensors like magnetometers, barometers, thermometers and even sophisticated sensors like accelerometers and gyroscopes for motion detection. But did you know that these SmartPhone sensors can lead to the compromise of your personal data, including sensitive information like passwords? This post explains the security and privacy concerns raised by the growing number of SmartPhone sensors.

How SmartPhone Sensors can be leveraged to Hack Passwords. 


A recent study conducted by Newcastle University shows that motion sensors found in Android SmartPhones could let an attacker get the security PINs of users. The researchers have proposed a JavaScript tool named PINlogger.js, which is a JavaScript-based side channel attack vector. It can be embedded into websites controlled by attackers, and when an unsuspecting user visits the web page, it starts to listen to the motion and orientation sensors. This doesn't require any permission from the user, so it works in stealth mode. The data collected this way is analyzed using an artificial neural network to infer the user's PIN.

Attack Methodology 


According to the researchers, PINlogger.js can be embedded in web pages as well as in standalone apps installed on user devices. The study was conducted on Chrome on an Android device (Nexus 5) and involved 10 users, each entering all 50 4-digit PINs 5 times. The tool was able to guess the PIN 70% of the time on the first try. As the number of tries increased, a 100% success rate was reached on the fifth try. These results are concerning because the PIN guessing success rate is extremely high.

SmartPhone Sensor PINs hack
Image credits: https://link.springer.com/article/10.1007/s10207-017-0369-x

Should the users be worried about the SmartPhone Sensor monitoring attack? 


Yes and no. The attack relies on a neural network, and deploying it in practice against a user requires a good amount of training data. Moreover, the user has to keep a web page with the malicious JavaScript PINlogger.js injected open in the background and then enter PINs repeatedly for the guessing to succeed. However, this SmartPhone sensor attack is mostly successful at guessing PINs, and in most instances a simple 4-digit code is used for ATM PINs, NFC-based payment systems, etc. People use predictable and easy-to-remember digits like 0000, 1234, 1111, etc. as PINs, so a sophisticated neural network may not always be required to pull off a successful attack.

Possible solutions against SmartPhone Sensor based attacks. 


Since the vulnerability comes from SmartPhone sensors being misused, one possible solution suggested by the researchers is to restrict, through permissions, how these sensors are accessed by apps and websites. Other suggested solutions are:
  • Use longer PINs.
  • Change PINs often.
  • Check the app permissions before installation.
  • Stop apps from running in the background unless necessary.
  • Adopt other methods of authentication.
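
On the website side, one concrete way to restrict sensor access is the `Permissions-Policy` response header, which can switch off the `accelerometer`, `gyroscope` and `magnetometer` features for a page and every frame it embeds. The following is an added example, not code from the researchers or from this post: it audits a header value and reports which motion features are still open. The function names and sample headers are constructed for illustration, and the header only covers pages your own site serves (for instance a PIN entry form that might carry an injected or third-party script), not other tabs the user has open.

```javascript
// Features that gate devicemotion / deviceorientation events in the browser.
const MOTION_FEATURES = ["accelerometer", "gyroscope", "magnetometer"];

// Split a Permissions-Policy value on top-level commas (not inside (...) or "...").
function splitDirectives(header) {
  const parts = [];
  let depth = 0, inQuote = false, cur = "";
  for (const ch of header) {
    if (ch === '"') inQuote = !inQuote;
    else if (!inQuote && ch === "(") depth++;
    else if (!inQuote && ch === ")") depth--;
    if (ch === "," && depth === 0 && !inQuote) { parts.push(cur); cur = ""; }
    else cur += ch;
  }
  if (cur.trim()) parts.push(cur);
  return parts.map((p) => p.trim()).filter(Boolean);
}

// Parse into Map<feature, allowlist[]>; "()" gives an empty allowlist (denied everywhere).
function parsePermissionsPolicy(header) {
  const policy = new Map();
  for (const directive of splitDirectives(header || "")) {
    const eq = directive.indexOf("=");
    if (eq < 0) continue; // malformed directive, ignore it
    const name = directive.slice(0, eq).trim().toLowerCase();
    const raw = directive.slice(eq + 1).trim();
    const inner = raw.startsWith("(") ? raw.slice(1, raw.lastIndexOf(")")) : raw;
    policy.set(name, inner.split(/\s+/).filter(Boolean));
  }
  return policy;
}

// Report whether every motion feature is denied to all origins, and which are not.
function auditMotionSensors(header) {
  const policy = parsePermissionsPolicy(header);
  const open = MOTION_FEATURES.filter((f) => {
    const allow = policy.get(f);
    return allow === undefined || allow.length > 0; // missing => browser default applies
  });
  return { locked: open.length === 0, open };
}

// Constructed sample headers: a hardened policy and a weak one.
const HARDENED = "accelerometer=(), gyroscope=(), magnetometer=(), camera=(self)";
const WEAK = 'accelerometer=(self "https://widgets.example"), gyroscope=*';
console.log(auditMotionSensors(HARDENED));
console.log(auditMotionSensors(WEAK));
```

A feature that is missing from the header is reported as open because the browser then falls back to its default allowlist instead of denying access.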

Source & Technical Details : https://link.springer.com/article/10.1007/s10207-017-0369-x
