Hackers could guess your phone PIN using its sensor data
Instruments in smart phones such as the accelerometer, gyroscope and proximity sensors represent a potential security vulnerability, according to researchers from Nanyang Technological University, Singapore (NTU Singapore), whose research was published in the open-access Cryptology ePrint Archive on 6 Dec.
Using a combination of information gathered from six different sensors found in smart phones and state-of-the-art machine learning and deep learning algorithms, the researchers succeeded in unlocking Android smart phones with 99.5 per cent accuracy within only three tries, when tackling a phone that had one of the 50 most common PIN numbers.
The previous best phone-cracking success rate was 74 per cent for the 50 most common PIN numbers, but NTU’s technique can be used to guess all 10,000 possible combinations of four-digit PINs.
Led by Dr Shivam Bhasin, NTU Senior Research Scientist at the Temasek Laboratories @ NTU, researchers used sensors in a smart phone to model which number had been pressed by its users, based on how the phone was tilted and how much light was blocked by the thumb or fingers.
The researchers believe their work highlights a significant flaw in smart phone security, as using the sensors within the phones requires no permissions from the phone user and the sensors are openly available for all apps to access.
How the experiments were conducted
The team of researchers took Android phones and installed a custom application which collected data from six sensors: accelerometer, gyroscope, magnetometer, proximity sensor, barometer, and ambient light sensor.
“When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9, is very different. Likewise, pressing 1 with your right thumb will block more light than if you pressed 9,” explains Dr Bhasin, who spent 10 months with his colleagues, Mr. David Berend and Dr. Bernhard Jungk, on the project.
The classification algorithm was trained with data collected from three people, who each entered a random set of 70 four-digit PIN numbers on a phone. At the same time, the relevant sensor reactions were recorded.
Known as deep learning, the classification algorithm was able to give different weightings of importance to each of the sensors, depending on how sensitive each was to different numbers being pressed. This helps eliminate factors which it judges to be less important and increases the success rate for PIN retrieval.
Although each individual enters the security PIN on their phone differently, the scientists showed that as data from more people was fed to the algorithm over time, success rates improved.
So while a malicious application may not be able to correctly guess a PIN immediately after installation, using machine learning, it could collect data from thousands of users over time from each of their phones to learn their PIN entry pattern and then launch an attack later when the success rate is much higher.
Professor Gan Chee Lip, Director of the Temasek Laboratories @ NTU, said this study shows how devices with seemingly strong security can be attacked using a side-channel, as sensor data could be diverted by malicious applications to spy on user behaviour and help to access PIN and password information, and more.
“Along with the potential for leaking passwords, we are concerned that access to phone sensor information could reveal far too much about a user’s behaviour. This has significant privacy implications that both individuals and enterprises should pay urgent attention to,” said Prof Gan.
Dr Bhasin said it would be advisable for mobile operating systems to restrict access to these six sensors in future, so that users can actively choose to give permissions only to trusted apps that need them.
To keep mobile devices secure, Dr Bhasin advises users to have PINs with more than four digits, coupled with other authentication methods like one-time passwords, two-factor authentication, and fingerprint or facial recognition.
Edited by Ariasun editorial board