A Neural Network Has Helped Researchers Crack Smartphone PINs Using Built-In Motion Sensors

Modern smartphones have got a wealth of sensors inside, from the accelerometers to gyroscopes. The sensors like these would make the phones more powerful, and thus it allows you to use your phone’s orientation as a form of an input mechanism in a video game. For example, they also present a potential way for the hackers to figure out a four-digit pin, new researchers has revealed. Earlier, the Indian engineers developed real-time automatic obstacle detection and an alert system that will help cars avoid colliding with the cattle on the road.

Computer scientists from the Newcastle University in the United Kingdom found that by monitoring the sensors like the smartphone’s gyroscope, accelerometer, and magnetometer, which would detect things like the device’s motion and orientation. They are also able to figure out a user’s pin 74 percent of the time on just the first guess. The same number has risen to 94 percent at the end of the third try.

The entry point for the attack in detecting the PIN was a javascript exploit delivered through the browser on the smartphone. All any smartphone user had to do was to just click on a link that had malicious software, and that would then detect the phone’s sensor data in the background.


The entry point for the attack in detecting the PIN was a javascript exploit delivered through the browser on the smartphone.

Maryam Mehrnezhad, a researcher at the School of Computing Science at the Newcastle University and who was the first author on a new study in the International Journal of Information Security, states that everyday activities like picking up your phone, walking, or running will create “distinct patterns” in the sensor data. And that has got the privacy implications. “You don’t want, for example, an insurance firm to know if you are an active user or you are a lazy person,” she added.

Click Here For Latest Technology News

By snooping on the sensor data when the users were entering their pins, the researchers were able to infer what those four-digit codes were with a “high accuracy,” she says. To get there, at first, they have used data from people keying in their pins and to reach the artificial neural network.

In the case of Safari, Mehrnezhad says that their method worked even when the phone was locked after the link had been clicked on, meaning that it could then detect the pin-typed in to unlock the phone. “We reported it to [Apple], and they had fixed it,” she says. The fix happened last year as a part of the iOS 9.3 update. She added that they told all the major browsers about the problem. The Firefox, for example, said that they fixed it last year.

The kinds of sensors which Mehrnezhad is studying are a multitude of places, from smartphones to the smart cities, she says. “And if these sensors are not managed securely and appropriately,” she warns, “they can reveal everything about you.”

Click Here For More News About Wearables

Mehrnezhad’s team is not the first to show that sensors are a vulnerability but Kevin Fu, an associate professor of electrical engineering and computer science at the University of Michigan, has also earlier demonstrated that the accelerometers in devices are a path in manipulating them, the New York Times reported last month.

“Sensors might represent the weakest link in IoT security,” Fu said, in an email, referring to the Internet of Things. “So ubiquitous, yet so untrustworthy and so poorly understood.”

Author: WOA Admin

Share This Post On

Leave a Reply

Pin It on Pinterest

Share This