If it’s not one thing, it’s another. Smartphones and tablets are great to have, but hackers keep finding ways to get into our devices. And new technology brings about more dangerous hacks. Well, get ready — a new hack may be on the horizon.
Academic researchers from England and Sweden designed malware that can use your phone’s microphone to get at some of your passwords and codes.
The results of the researchers’ tests may make you nervous and definitely make you hope hackers don’t learn about it.
How your phone’s microphone could be used by hackers
Just by listening in, hackers could get passcodes or passwords from your phone and tablet.
In a paper recently released by the English and Swedish researchers, they wrote that malware designed to machine learn could figure out the PIN code and password to your phone or tablet by simply hearing your keystrokes.
The malware would eventually learn enough to know which keystrokes correspond to the numbers or letters that make up your PIN or password.
Thankfully, the technique isn’t 100% accurate. But in one test case, the researchers were able to accurately guess more than half of the four-digit PINs used on Android tablets.
In their paper, “Hearing your touch: A new acoustic side-channel on smartphones,” the researchers claimed they had found the first acoustic side-channel attack that recovers what users type on their touch-screen smartphones and tablets.
According to the researchers, when we tap our screens each tap generates a sound wave.
“We found the device’s microphone(s) can recover this wave and ‘hear’ the finger’s touch, and the wave’s distortions are characteristic of the tap’s location on the screen,” the paper stated.
By recording the audio as you tap your screen, the malicious app can learn what you’re typing and use it to unlock your phone. The researchers measured how effective such an attack would be by monitoring 45 participants with Android tablets and phones in a real-world environment. The malware the researchers installed had not been trained with the users’ data.
The malware seems to have an easier time learning four-digit PINs. The researchers were able to recover 61% of 200 PINs on the tablets within 20 tries.
However, they had less success with words. They recovered nine words between seven and 13 letters long after 50 attempts.
How to protect your smartphone from a mic hack
Luckily, the malware remains in academic hands, but you can always bet that hackers will develop their own form of such malware in the future. After all, there already are apps that listen to you through your phone’s mic to track you.
As far as the researchers are concerned, there is no software or app yet that can protect your phone from being mic hacked. The only sure-fire way is to make changes to the hardware.
Suggestions such as lowering the microphones’ sample frequencies or using a double layer of glass on the screen would work, but the researchers say it is unlikely that phone developers would adopt such measures due to advertiser pressure and their own attempts to make the phones slimmer.
They also suggest creating a new high-priority mode for passwords or other sensitive text entries, in which all sensors except the touchscreen are blocked. They admit this would require more engineering.
In the meantime, they encourage a respected app developer to consider a feature that uses tactical jamming when PINs and passwords are entered.
Until then, the researchers suggest you shake things up a bit when entering PINs or passwords, such as inputting a wrong number or password with some frequency in order to confuse the malware.