Hackers:Passwords/PIN stolen via Mobile Sensors

In every device there a sensors, not to talk a smart device like a smartphone. Do you know that a smartphone has more than 13 sensors in-built for its physical and digital activities ?

Some of these sensors are Accelerator, Gyroscope, Proximity, Light , NFC, Pedometer, Thermometer, Microphone, Camera to name a few.

While the users are benefiting from richer and more personalized apps which are using these sensors for different applications such as fitness, gaming, and even security application such as authentication.

The growing number of sensors introduces new security and privacy risks to end users, and makes the task of sensor management more complex.

According to a team of scientists from Newcastle University in the UK, hackers can potentially guess PINs and passwords – that you enter either on a bank website, app, your lock screen – to a surprising degree of accuracy by monitoring your phone’s sensors, like the angle and motion of your phone while you are typing.
 It doesn’t matter if visiting a secure site in fact this method is more than the Brute Force Cracking.
The team wrote a malicious Javascript file with the ability to access these sensors and log their usage data. This malicious script can be embedded in a mobile app or loaded on a website without your knowledge.

Now all an attacker need is to trick victims into either installing the malicious app or visiting the rogue website. Just a click.

Once this is done, whatever the victim types on his/her device while the malicious app or website running in the background of his phone, the malicious script will continue to access data from various sensors and record information needed to guess the PIN or passwords and then send it to an attacker’s server.

Mehrnezhad says the team had alerted leading browser providers such as Google and Apple of the risks, and while some, including Mozilla and Safari, have partially fixed the issue, the team is still working with the industry to find an ideal solution.
Follow : @techie_geeks

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Powered by WordPress.com.

Up ↑

%d bloggers like this: