Researchers: Phone Tilt Could Reveal PIN
Motion sensors in smartphones could give away your lock code to hackers according to new research. But practical limitations mean related attacks might have to be specifically targeted.
Researchers at Newcastle University explored the idea that tools such as accelerometers, gyroscopes, compasses and GPS chips in phones could reveal more detail than users realize. The tools are used for a variety of functions such as location tracking, fitness tracking and gesture control such as a user turning a phone face down to instantly switch it to "do not disturb" mode.
Their theory was that such sensors are so precise that they could pick up the slight tilt in the screen that results from a user tapping the screen in a specific location such as typing in a four digit code to unlock the phone.
App Permissions Sometimes Opaque
That's a potential risk given that, depending on the phone and operating system, it's possible for apps to get user permission to access data from the sensors, often in a confusing manner and for apps that don't have any legitimate reason to need the data. The researchers noticed that it's even possible in some cases for code on a malicious mobile website to get the data without user permission.
The researchers ran a series of tests typing in codes and then looking at the associated tilt sensor data and finding the relevant patterns. They then ran fresh tests where researchers didn't know what codes were typed in. By using the sensor data they were able to correctly guess 70 percent of the codes on the first attempt and got every code within five attempts, which is less that the number of wrong attempts allowed on most handsets. (Source:
Business Spying Most Likely Use
The good news is that because a hacker would first need to get access to the data (for example through an app or rogue site) and then physical access to the phone, it would only really be useful for targeting specific individuals such as in corporate espionage.
According to the researchers, phone and software makers could take three steps to reduce the risk. One is to fix security flaws in mobile browsers that could allow unauthorized sensor data access. Another is to actively warn the user when an app was accessing sensor data. The third is to let users to set permissions such that apps can only access sensor data when the app is on-screen and active rather than in the background. (Source: arxiv.org)
What's Your Opinion?
Had you considered this risk before? Do you pay close attention to permission settings when you install apps? Is there anything else phone and software companies could do to mitigate the risks?
Infopackets Top Windows 10 FAQs
How to Upgrade from Windows 10 32-bit to 64-bit
How to Fix: Windows 10 Antivirus Missing, Not Compatible
How to Fix: Windows 10 Display Shifted; Screen Fuzzy
How to Upgrade Windows 7, 8 32-bit to Windows 10 64-bit
to Downgrade from Windows 10
- How to Fix: Windows 10 Upgrade Failed Error C1900208
- How to Fix: Windows 10 Upgrade Failed Error 80240020
- Can I Cancel my Windows 10 Reservation and Reserve Later?
- How to Clean Install Windows 10 using Windows 7, 8 License
- Will Windows 10 Install Automatically?
- Windows 10 Upgrade: Do I have to Reinstall Programs?
- Windows 10 Upgrade: Can I choose 32-bit or 64-bit?
- Which Version of Windows 10 Will I Get (Home or Pro)?
- How to Reserve Windows 10 Upgrade (Free)
- How to Fix: CPU Not Compatible with Windows 10 Error
- Windows 10 Upgrade: Can I keep my Old Windows Install?
- How to Cancel Windows 10 Reservation (Properly)
- Download Windows 10 .ISO (DVD) for Clean Install?
- Microsoft: Windows 10 Will Be The Last Version
- Does Windows 10 require the CPU to support PAE?
- Windows 10: Can I Upgrade or do I need a Clean Install?
Click here for more Windows 10 articles.