How Criminals Can Steal Your PIN by Tracking the Motion of Your Phone

Newcastle University (UK) Press Office

Researchers at Newcastle University in the U.K. have demonstrated that malicious websites and installed applications can spy on people by exploiting movement data from smartphone sensors.

Despite the threat, the research shows that people are unaware of the risks and most of us have little idea what the majority of the twenty five different sensors available on current smart phones do. And while all the major players in the industry are aware of the problem, no-one has yet been able to find a solution

“Most smart phones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer.

“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.” says Newcastle’s Maryam Mehrnezhad.

The researchers found 25 distinct sensors that are standard elements on most smart devices, providing information about devices and users. “Because there is no uniform way of managing sensors across the industry, they pose a real threat to our personal security,” Mehrnezhad notes. “One way would be to deny access to the browser altogether, but we don’t want to lose all the benefits associated with in-built motion sensors.”

As the result of the research, some of the mobile browser vendors such as Mozilla, Firefox and Apple Safari have partially fixed the problem, but for an ultimate solution, the Newcastle team is still working with industry.  Read the report.