It appears that researchers have found a way to figure out what personal identification number someone is typing into their smartphone by using the device’s built-in cameras and microphones to secretly record them. Security researchers at the University of Cambridge detailed how they exploited the smartphone’s camera and microphone to detect PINs and gave some suggestions for making this type of hack more difficult.
First, the microphone detects that a person is entering a PIN. On many apps, the device will vibrate each time a number is tapped. That vibration creates a sound that is picked up by the microphone, which lets the malware know that a “touch event” is happening. In this case it is the entering of a secret PIN. Then the camera takes over.
The camera isn’t looking for reflections in your eyes or triangulating what numbers you’re looking at while typing in the code. The researchers use the camera to detect the orientation of the phone and determine where the user’s finger is on the screen. On-screen keypads typically display number in a standard order, so if the program can tell where a finger is tapping on the screen based on how the person is holding it, it can deduce what number is there.
This type of malware doesn’t exist in the wild just yet. The PIN Skimmer program was created by Cambridge’s Ross Anderson and Laurent Simon. The idea is to identify potential security holes before they can be exploited by criminals. In tests, the PIN Skimmer had a 30% success rate detecting four-digit PINs after monitoring a few attempts, and that number went up after it grabbed information over five tries.
In their example, researchers assume people are holding their phones with one hand and typing in numbers with their thumb. The malware captures some photos and a few seconds of video and uploads them to a remote server, evading detection by hiding any data usage charges by possibly waiting for the phone to have a WiFi connection. Depending on the phone, it could take some additional precautions like disabling any LED light that would let a person know their smartphone camera was recording. The researchers tested the program on the Galaxy S3 and Google Nexus Android phones.
Security researchers have warned that criminals could use other phone sensors like the accelerometer and gyroscope to puzzle out what someone is typing. It looks like the predictions are becoming facts and that nothings is as secure as it seems.
Thank you CNN for providing us with this inforamtion
Ceres 300 TG ARGB Snow Mid Tower Chassis is an ATX case that comes with…
ASUS Prime series motherboards are expertly engineered to unleash the full potential of 12th Generation…
Say hello to Raptor-Lake. Intel's incredible 13th generation processors are here to break the boundaries…
This PG34WQ15R2B Phantom Gaming monitor provides exceptional clarity to any gamer thanks to its WQHD…
CORSAIR VENGEANCE DDR5, optimized for Intel® motherboards, delivers the higher frequencies and greater capacities of…
Leap into the future with the ROG Strix B760-F, a fantastic upgrade into 13th Gen…