If you think that mobile phones are reasonably secure, that may not be entirely true. According to research by Nanyang Technological University in Singapore, smartphones have a major vulnerability.
The researchers managed to unlock smartphones using a combination of information collected from six different sensors and state-of-the-art machine learning and deep learning algorithms.
They unlocked an Android phone with 99.5% accuracy within just three tries when the phone used one of the 50 most common PINs. Until now, the best success rate for phone cracking was 74% for the 50 most common PINs.
Now, the technique can be used to guess any of the 10,000 possible four-digit PIN combinations.
How does it work
The researchers used a smartphone's sensors to work out which number its user had pressed, based on how the phone was tilted and how much light was being blocked.
The researchers believe their work highlights a significant flaw in smartphone security, since the sensors inside phones require no permission from the user and are openly available to all applications.
The team took Android phones and installed a custom application that collected data from six sensors: accelerometer, gyroscope, magnetometer, proximity sensor, barometer and ambient light sensor.
“When a user enters the PIN, the way the phone moves when he presses 1, 5 or 9 is very different. In the same way, pressing the 1 with the right thumb will block more light than if the 9 is pressed,” explains Dr. Bhasin, who led the project.
The classification algorithm was trained with data collected from three people, each of whom entered a random set of 70 four-digit PINs into a phone. At the same time, the corresponding sensor responses were recorded.
Malicious applications with learning capacity
The classification algorithm, a technique known as deep learning, was able to assign a different importance weighting to each sensor depending on how sensitive it was to the different numbers being pressed. This helps eliminate the factors it judges to be less important and increases the success rate of PIN recovery.
Although each person enters the security PIN on their phone differently, the scientists showed that success rates improved as more people’s data was fed into the algorithm over time.
Therefore, even if a malicious application does not guess a PIN immediately, through machine learning it could collect data and launch an attack later, when the success rate is much higher.
“In addition to the potential for leaked passwords, we are concerned that access to phone sensor information may reveal too much about a user’s behavior, which has important privacy implications to which individuals and businesses must pay urgent attention,” the researchers warn.
To keep mobile devices safe, Dr. Bhasin advises users to have a PIN with more than four digits, along with other authentication methods such as one-time passwords and facial or fingerprint recognition.