Think about all the things you can do with your smartphone. Texting and email, browsing the internet, banking transactions, checking the status of your filed income taxes, just to name a few.
Now imagine all of the sensitive data associated with those tasks getting into the wrong hands. Yikes! It turns out that criminals could steal all of that information and you won’t believe how simple it is for them to do.
How hackers can steal your PINs and passwords
Researchers at Newcastle University have discovered an easy way for hackers to steal PINs and passwords right from your smartphone. They’re able to get this sensitive data from the many motion sensors that are built into your gadget.
Most of today’s smartphones come equipped with around 25 different sensors. Clicking, holding, scrolling and tapping your phone creates a unique orientation and motion trace. Malicious websites and apps could allow a criminal to spy on us using the data from these motion sensors.
The researchers’ study included 10 smartphone users entering 50, four-digit PINs five times each on a certain website. This data was used to train a neural network on touch activity. The network was then used to guess the PINs.
The neural network was able to crack the four-digit PINs at a 70 percent accuracy rate on the first attempt. By the fifth attempt, it was able to crack the PINs with 100 percent accuracy.
Detailing the study’s findings, Dr. Maryam Mehrnezhad said, “Most smart phones (sic), tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer.
“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.”
They even discovered that on some browsers, if you open a page on your gadget which hosts malicious code and then open your online banking account without closing the previous tab, the criminal can spy on all the details you enter. In some cases, if you don’t close the tabs down completely, the scammer can spy on you even if when your gadget is locked.
How to protect your phone’s PIN
The researchers behind this study’s findings have come up with some ideas on how to protect your phone’s PIN. Follow these security rules:
- Change PINs and passwords – Update these regularly so malicious sites and apps aren’t able to begin recognizing a pattern.
- Only download trusted apps – Do not download apps from third-party app stores. Install apps that come from trusted stores like Apple’s App Store and Google Play.
- Close apps – When you are not using an app, make sure that it is closed and not running in the background. If you no longer use an app, uninstall it.
- Stay updated – Make sure your gadget’s operating system and apps are always up to date.
- Check app permissions – Don’t just give apps that you download unlimited permissions. Carefully read the permission request and if they seem unreasonable, don’t install the app.