You may not think much about unlocking your phone as you go about your day. But according to a new study headed by Dr. Maryam Mehrnezhad of Newcastle University, UK, just the way you hold your phone is enough to hack it.
That’s correct. Using your phone’s motion sensors, a hacker can potentially take control over its contents.
5th Time’s the Charm?
Here’s how the hack is possible.
According to the researchers, the method, which utilizes hardware-tracking sensors on a device, including the accelerometer and gyroscope, recognizes how you tilt your phone while entering a PIN. It has a success rate of 70% on its first attempt, and after 5 tries, the success rate rises to 100%.
The attack is possible because, while websites and apps usually require permission to access sensitive information and sensors on a phone (like GPS, camera and microphone), the data from motion sensors is not considered private enough to require permission at all.
In total, the researchers identified as many as 25 sensors that can relay information to outsiders without much of a problem.
Can Access Everything
Using the information from motion sensors, a hacker can track the user and analyze their whereabouts, recognize PINs and passwords, and track touch actions. Particularly in the case of websites, it is fairly easy to insert malicious code and gain access to the user’s sensitive info while the tabs are still open.
The feasibility of this method for hackers is low, given the number of systems they must bypass and the amount of data needed before they can accurately figure out a password (you’ll need to enter the password at least 5 times). Once that happens, though, the possibilities are quite limitless.
Difficult To Patch Out
The University’s researchers have already highlighted the issue to smartphone industry leaders and the World Wide Web Consortium, with some, like Mozilla, already working to resolve it. However, because there is no standard procedure that decides who gets access to sensors, it will be difficult to reach a comprehensive solution for this vulnerability.