Smartphone motion sensors can reveal your security PIN to hackers

Think about all the things you can do with your smartphone — texting and email, browsing the internet, banking transactions, and checking the status of your filed income taxes, just to name a few.

Now imagine all of the sensitive data associated with those tasks getting into the wrong hands. Yikes! Criminals could steal all that information, and you won’t believe how simple it is for them.

How hackers can steal your PINs and passwords

Researchers at Newcastle University have discovered an easy way for hackers to steal PINs and passwords right from your smartphone: the motion sensors built into your gadget.

Most of today’s smartphones come equipped with around 25 different sensors. Clicking, holding, scrolling and tapping your phone creates a unique orientation and motion trace. Malicious websites and apps could allow a criminal to spy on us using the data from these motion sensors.

The researchers’ study included 10 smartphone users entering 50 four-digit PINs five times each on a certain website. This data was used to train a neural network on touch activity. The network was then used to guess the PINs.

The neural network was able to crack the four-digit PINs with a 70% accuracy rate on the first attempt. By the fifth attempt, it was able to crack the PINs with 100% accuracy.

Detailing the study’s findings, Dr. Maryam Mehrnezhad said, “Most smartphones, tablets and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer.

“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you, such as phone call timing, physical activities, and even your touch actions, PINs and passwords.”

They even discovered that on some browsers, if you open a page on your gadget that’s hosting malicious code and then open your online banking account without closing the previous tab, the criminal can spy on all the details you enter. In some cases, if you don’t close the tabs completely, the scammer can spy on you, even when your gadget is locked.

How to protect your phone’s PIN

The researchers behind this study have some ideas for how to protect your phone’s PIN. Follow these security rules:

  • Change PINs and passwords: Update these regularly so malicious sites and apps aren’t able to begin recognizing a pattern.
  • Only download trusted apps: Don’t download apps from third-party app stores. Install apps only from trusted stores, like the Apple App Store and Google Play.
  • Close your apps: When you’re not using an app, make sure it’s closed and not running in the background. If you no longer use an app, uninstall it.
  • Stay updated: Make sure your gadget’s operating system and apps are always up to date.
  • Check app permissions: Don’t just give apps you download unlimited permissions. Carefully read the permission requests and, if they seem unreasonable, don’t install the app.