Study Suggests That Tilted Devices Can Easily Reveal The Pin Number To The Hackers
In modern day smartphones the pin number has become the basic feature which helps in keeping device safe from the unwanted access. Pin number based safety lock feature has become so advanced that even government agencies can’t get into the device without inserting the exact combination into the device. A team of researchers has found that hackers can easily steal the mobile user’s pin number by looking at the way device tends to tilt when they type their codes on it.
The team of researchers comprising of computer scientists from Newcastle University has been successful in guessing the four digit pin number with 70% accuracy. They made use of the gyroscope built right in the modern day smartphones to judge the pin codes. It took just five attempts to correctly guess the pin which will allow them to unlock the device.
How This Pin Number Hack Works?
The theoretical hack essentially works by taking advantage of a loophole found in the way modern web browsers tends to share data from the smartphone with websites. Most of the websites now a days asks for a number of information from the user’s smartphone which includes even the location. This requires user’s permission but it helps website in providing the geographical based services or content to the users in the end. Sometimes malicious websites even collects quite awkward and benign data like the device orientation and this thing isn’t notified to the users.
Most of the website and mobile apps don’t require asking for permission in order to access to data related to sensor data. And malicious programs can be designed to covertly listen to the sensor data which can be used in later stages to discover highly sensitive information about the user which includes timing, physical activities as well as the touch actions on the display screen.
So researchers have identified 25 different sensors which are usually present in most of the smart devices and it helps in getting different information about the device as well as its users. In their testing they found that each touch action performed by user whether it is clicking, holding, tapping or scrolling resulted in a unique orientation and motion trace. When such activity is carried on a webpage then it helps in understanding on what part of the page they are clicking upon and exactly what is being typed. This is how they were able to decipher the exact pin number by carefully analyzing the way smartphone is being titled or held by the user.
Leading Web Browsers Informed
Researchers have already informed Google and Apple about the risks associated with the modern web browsers and the smartphones. They had also published a similar finding way back in 2015 wherein they established that fact the tool for reporting the battery status to the websites can be compromised. Due to their diligence this feature was completely removed by the year 2016 and it helped in bringing a safe web browsing experience for the users.