Scientists Prove Your Phone's PIN Can Be Stolen Using Its Gyroscope Data (digitaltrends.com) 61
A team of scientists at Newcastle University in the UK managed to reveal a user's phone PIN code using its gyroscope data. "In one test, the team cracked a passcode with 70 percent accuracy," reports Digital Trends. "By the fifth attempt, the accuracy had gone up to 100 percent." From the report: It takes a lot of data, to be sure. The Guardian notes users had to type 50 known PINs five times before the researchers' algorithm learned how they held a phone when typing each particular number. But it highlights the danger of malicious apps that gain access to a device's sensors without requesting permission. The risk extends beyond PIN codes. In total, the team identified 25 different smartphone sensors which could expose compromising user information. Worse still, only a small number -- such as the camera and GPS -- ask the user's permission before granting access to that data. It's precise enough to track behavior. Using an "orientation" and "emotion trace" data, the researchers were able to determine what part of a web page a user was clicking on and what they were typing. The paper has been published in International Journal of Information Security.
Re: (Score:3)
1. write iphone app 2. record sensor data 3. sell PINs 4. profit!
Why did his statement get voted down? I think it's insightful satire.
As a firefighter, we are taught "Forcible Entry", because we may show up to a burning house and the homeowner may be able to answer the door. The first words out of the instructors mouth, Day 1, "locks keep honest people honest." Simple and profound.
Seems like the front door to your house and the front door to your phone are only as safe, as the moral society in which you live allows.
Re: (Score:2)
.... show up to a burning house and the homeowner may be able to answer the door.....
Ehem, may NOT be able to answer the door. LOL Too early for posting... need coffee.
It was a inside job! (Score:3)
So they are saying that if a malicious compromising app is already installed and running on your phone, then your phone could be compromised?
Were they on salary while determining this?
Escalation (Score:3)
Personally I see the moral of the story as being the old one that security is weakened if you have to use the access method very frequently. That's one of the reasons why alarm systems often have a different code for each user instead of ending up with four numbers almost worn off the keypad after a few years.
How many days would elapse before the user had entered their PIN fifty times in their phone? I don't think it would be a very long time and the malware can wait
Re: (Score:2)
Re: (Score:2)
Since the digital keypad on phones is a graphic display, why not simply have the keypad randomly rotated, so the patterns keep changing?
Even better than rotating, scramble the number positions.
All this talk of seeing somebody typing in a PIN from a distance, recording the phone movement etc just make me wonder.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Stack up enough similar data and the uncommon stuff becomes trivial noise.
Re: (Score:1)
Maybe they'll get a Nobel prize, just like Obama.
Re: (Score:2)
Re: (Score:2)
I'm pretty sure mobile OS' don't allow user level apps to read touch positions from things like the lockscreen.
Re: (Score:2)
With a similar argument: what is an app actually going to accomplish once it has the unlock code ?
Re: (Score:2)
Create a dark database so that stolen phones are suddenly valuable again?
It's almost as if you have no imagination.
Re: (Score:2)
30% of phone owners don't use a password anyway, and most people who find/steal a phone don't have access to this dark database, plus you need to convince people to install the malicious app. All in all, a very small risk.
Re: (Score:2)
30% of phone owners don't use a password anyway, and most people who find/steal a phone don't have access to this dark database, plus you need to convince people to install the malicious app. All in all, a very small risk.
Got a reference for that statistic?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I imagine it would be useful to state actors; Build up a database of pin codes then if you snatch a phone in a raid / at the border if it's part of your drag net you can unlock it without all the fuss like the San Bernardino iPhone caused.
Re: (Score:1)
I imagine the "malicious app" might be a pinball game that you gave gyro permissions to, and/or a puzzle-sliding mini game that lays out on the screen in a manner suspiciously similar to the lock screen. After that it would need to be able to look up historical gyro data.
The article doesn't provide enough detail, so I'm just speculating. But I would imagine it might just take a little bit of cleverness to trojan this into a real world scenario.
Of course it should be an inside job... (Score:2)
This is an entirely sensible thing to do. You might have a game that uses the gyroscope. Embedded within that game there might be a rogue application that also uses the gyroscope data to measure the tilt as a result of using the keyboard, and report that along with your high score, or whatever to some game sever. If you have some security mode so when you are entering a password, it disables keyboard sharing, screen grabs, the camera (looking for reflections in you glasses) and the microphone (in case you
Re: (Score:2)
In other news, they seem to imply that nothing can currently be done against this very specific threat... however, if you set the numerical password entry to be with randomized number location, it seems to me that the gyro is not very useful, as it will provide random data. This feature has been around for a while, and is good against the good ol' eyeball mark 1 infiltration app too (unless the observer is so far over your shoulder that they can directly observe the numbers, obviously).
Scientists (Score:2)
Old tech ... (Score:3)
Long before touch-screens with capacitative sensing became commonplace there were some touch-screens systems that used a gyroscope as its sensor to sense how much the screen rocked when a user touched it.
It was very crude and inaccurate compared to other approaches but it could be mounted to most regular CRT computer monitors.
Unfortunately I have sold off my computer magazines from the early '90s so I can't look up the name of the manufacturer.
Re: (Score:2)
Re: (Score:2)
I kinda have to call bullshit on this (Score:5, Insightful)
You really wanna tell me my gyroscope is in the same position in all these scenarios?
Re: (Score:2)
HA HA HA HA
dumass
Re: (Score:2)
The gyroscope does not care what orientation it's in. The accelerometer does, but even then it's easy to subtract out 1G of orientation to isolate short transients.
Re: (Score:2)
If I'm a researcher entering a PIN multiple times I'm in a chair hunched over the phone. Me? I'm in my La-Z-Boy. I'm on the toilet. I'm in bed. I'm in the kitchen cooking. I'm at a red light getting a message. I'm in the grocery store unlocking my shopping list.
You really wanna tell me my gyroscope is in the same position in all these scenarios?
From looking at the summary (TFA is not interesting enough to read), my guess is that they use the mouvement of the phone as you as entering your password. For instance, if you press the #9, your cellphone will slightly tilt to the upper left (compared to the other key). By comparison, the #4 will tilt slightly relatively at the same strength on the left side, but less on the upper side. So if you look at the gyro's data of the 4 digit, you can certainly make a pattern and have an idea of what if the passwo
Re: (Score:2)
You really wanna tell me my gyroscope is in the same position in all these scenarios?
It's called filtering and analysis. The starting position isn't at all important if it can be characterised.
Re: (Score:2)
Only load from safe sources (Score:2)
this attack only works on those downloading from untrusted sources.
Re: (Score:2)
Iframe/JS attack possible too (Score:1)
This could happen on any web page you happen to have visited and left open, in some cases the browser can be minimised and screen locked
https://link.springer.com/arti... [springer.com]
Simpler method (Score:3)
Just make an app that occasionally shows a fake unlock screen, and just capture the touches.
PIN length? (Score:2)
I generally rely on a biometric sign in for my phone*, but fall back on the PIN code once or twice per week. It's a whole lot more than 4 digits.
* I know, biometrics have their own set of risks; different conversation [slashdot.org]
NO GYROSCOPE IN PHONES (Score:2)
Re: (Score:2)
--Easy solution: OS Disable the accelerometer when prompting for a pass code.
PIN layout scrambling defeats this? (Score:2)
Good thing this does not apply (Score:2)
Because phones don't have gyroscopes. They have accelerometers.