VIA | Is your microwave spying on you? Probably not, but your phone might be.
New research shows that hackers can use components in your phone to figure out your PIN — and potentially more — fairly simply. So how can your phone be used to spy on you, and what can you do about it?
In IT Blogwatch, we change our password (over and over and over again).
So what is going on? Tyler Lee has the background:
The point of PINs and passwords is to protect your device or account [from] being accessed by someone else. You might think that putting a PIN on your phone is a great way to prevent hackers…from getting into your phone, but…your phone might have already given you away.
What now? How could it have done that? Milen Y. explains:
A study by Newcastle University claims that hackers can crack your password or PIN code based on the movement of your smartphone while typing…the experts say that during the study, they’ve managed to crack four-digit PINs with 70% accuracy on the first try, and have them guessed by the fifth attempt, relying on nothing more than data collected from motion and orientation sensors.
Well, that is troubling. But how can hackers use the sensors to determine your PIN? Brian Reigh has more details:
Because most apps and websites don’t need special permissions to access the device’s motion and orientation sensors, malicious hackers could “listen in” on your sensor data without your knowing…Because every movement — tapping, scrolling, long-pressing — leads you to hold your device in a unique way, hackers could potentially use…standard sensors to monitor on which part of the page your touch is registered and what you are typing…According to…researchers, unless you close down completely the app or the website that contains the malicious codes, hackers could spy on you even when your phone is locked.
At least that has got to be the worst of it, right? Not so fast. David Szondy has some bad news:
The problem goes beyond technological vulnerability…users have a poor understanding of the security threats they face and do not know what most…sensors in their phones do…they are more concerned about…being spied on by GPS or their phone’s camera.
Though the industry is aware of security problems, there is currently no real solution…a partial fix has been developed by some mobile browser companies…but a complete answer has yet to be found that would not mean effectively denying mobile browsers access to certain data altogether.
So what can users do to protect themselves? Lucian Armasu shares some suggestions:
Dr. Maryam Mehrnezhad, who led the research…had a few tips you can follow…Make sure you change PINs and passwords regularly…Close background apps when you are not using them and uninstall apps you no longer need…Keep your phone operating system and apps up to date…Only install applications from approved app stores…Audit the permissions that apps have…Scrutinise the permission requested by apps before you install them and choose alternatives with more sensible permissions if needed.
If all of those suggestions seem like more trouble than they’re worth…It may be best to stick to using stronger alternatives than PINs such as passwords, or fingerprint authentication, and forget about using PINs for anything.