Smartphone sensors reveal security secrets

Updated on: 2013-01-29 || Source: bbc.com

Data captured by smartphone sensors could help criminals guess codes used to lock the gadgets, say security researchers.

By analysing data gathered by accelerometers they were able to get a good idea of the Pin or pattern used to protect a phone.

The data was useable because sensors can gather information with more freedom than apps loaded on the device.

Researchers said several different smartphone sensors could be subverted.

Tap to unwrap

Dr Adam J Aviv, a visiting professor at Swarthmore College in Pennsylvania, carried out the attacks by using data gathered by an accelerometer on a smartphone. Typically this sensor logs phone movements in three dimensions: side-to-side, forward-and-back and up-and-down.

The data gathered as the phone is moved is often used in games to steer or guide an onscreen entity such as a car or a ball.

Working with Matt Blaze, Benjamin Sapp and Jonathan Smith from the University of Pennsylvania, Dr Aviv realised that the data gathered by the accelerometer could also be used to work out where someone tapped on a screen when unlocking a gadget with a Pin or pattern.

In controlled tests, data from accelerometers was captured, exported and analysed to see if it matched a bigger "dictionary" of taps and swipes that had been previously gathered.

"It worked surprisingly well," said Dr Aviv of the attack. In tests, the software developed by the team got more accurate the more guesses it was allowed.

After five guesses it could spot Pins about 43% of the time and patterns about 73% of the time. However, said Dr Aviv, these results were produced when Pins and patterns were picked from a 50-strong set of numbers and shapes.

The pin and pattern spotting system did less well when it was applied to data gathered when users were walking around with gadgets. Using a phone while on the move introduced lots more "noise", said Dr Aviv which made it harder to pick out the unlock patterns.

However, he said, many security researchers were getting interested in the sensors that came as standard in smartphones largely because the data they gathered was not subject to the same controls that governs other phone functions.

'Ensure integrity'

"More sensors on smartphones equals a lot more data flowing through these devices, which means protecting them is even more critical," said Kevin Mahaffey, chief technology officer at mobile security firm Lookout.

"One kink or hole in the system could lead to data being exposed and utilised," he said. "As the physical and digital worlds merge, and we become more reliant on the interconnections forged, we need to collaborate across them to ensure the integrity of data."

Dr Aviv said that typically users did not have to give permission for a sensor to gather data even if the information it grabbed had nothing to do with the application they were using.

Other researchers had looked into ways to subvert data gathered by gyroscopes, accelerometers and other orientation sensors to work out passwords, said Dr Aviv. One group even analysed smears on touchscreens to get clues about Pins and patterns.

"We are starting to realise that the way we interact with these devices effects the security of these devices," he said. "The fact that we hold them in our hands is different to the way we use traditional computers and that actually can leak information to sensors in the device."

News

Blackphone 2 'privacy' Android handset revamped
Security firm Silent Circle has revamped its smartphone that helps people manage personal data.
Chinese smartphones mount massive web attack
More than 650,000 Chinese smartphones have been unwittingly enrolled in a massive attack that overwhelmed a web
Hilton investigates hack claims
The Hilton hotel group has said it is investigating claims its US shops and gift stores may be the source of
Twitter website 'blocked' in Turkey
Twitter users in Turkey report that the social media site has been blocked in the country.

SIGN UP FOR NEWSLETTER

Sign up to received our free newsletter!
Name:
E-mail ID:

MOST READ

Views: 7118 Times
Circle Hover Effects with CSS3 Transitions READ MORE
Views: 2628 Times
Facebook's first big investor, Peter Thiel, cashes out READ MORE
Views: 2629 Times
Twitter taken offline by 'cascading bug', site confirms READ MORE
Views: 5514 Times
Recover A Forgotten Password To A Word Document READ MORE
Views: 7236 Times
PHP: Create Your Own MVC (Part 7) READ MORE

Home|IT News|Computer Tips|Video Tutorials|Download Softwares|Subjects|Contact Us
Copyright © 2018. Jumbo Education (Information Technology). All rights reserved.
Free counter and web stats

Large Visitor Globe