Hackers can crack your password based on how you move your phone while typing, study claims


A study by Newcastle University claims that hackers can crack your password or PIN code based on the movement of your smartphone while typing. Weird as it may seem, the experts say that during the study, they've managed to crack four-digit PINs with 70% accuracy on the first try, and have them guessed by the fifth attempt, relying on nothing more than data collected from motion and orientation sensors. The scientific team also claims that tech companies are aware of the problem, but have no solution to it.

So, how is this possible? Well, apparently by secretly collecting data from the phone's gyroscope.

Dr Maryam Mehrnezhad, lead of the Newcastle University study, says that this security flaw is caused by the fact that most "mobile apps and websites don't need to ask permission to access most of the [sensors]," which allows “malicious programmes” to listen in and collect data from the sensors.

But how does it work, exactly? Well, in a similar way to how mouse tracking can be used to learn more about what you're doing on your PC, the orientation sensors in your phone can be used to tell whether you are scrolling, long-pressing, or tapping your screen, and most worryingly perhaps, where you are tapping on the screen.

"On some browsers we found that if you open a page on your phone or tablet which hosts one of these malicious codes and then open [another one], then they can spy on every personal detail you enter," says Dr Mehrnezhad. "And worse still, in some cases, unless you close them down completely, they can even spy on you when your phone is locked."

And you were worried about the front-facing camera!

The Newcastle University scientific team has reported all its findings to major tech companies, but there hasn't been any meaningful response so far.

Well, we guess the only logical solution to the problem at this point would be to become this guy:


Or, you know, be perfectly still while typing. Perfectly. Still.

FEATURED VIDEO

17 Comments

1. darkkjedii

Posts: 31328; Member since: Feb 05, 2011

Now that is interesting. Cyber thieves will stop at nothing to jack us.

2. Plasticsh1t

Posts: 3109; Member since: Sep 01, 2014

It's time to get the Nokia 3310. I'll wait.

3. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

With FPS, there wont be a passcode to hack..lol You can easily defeat such a hack. Never use your passcode in public. Buy a phone with a FPS and always use it and actually set it up. Use alternative methods like the pattern or some other means. What happens when people don't move their phone to enter passcode?! The whole thing is dumb. Because they would still need your phone. Even if they know the passcode it wont matter if they never have your phone.

4. krystian

Posts: 423; Member since: Mar 16, 2016

I just look at it and the iris scanner does it for me.

5. darkkjedii

Posts: 31328; Member since: Feb 05, 2011

On my Note 7, I used the iris scanner more than 90% of the time. It even worked in the dark, contrary to popular belief.

8. RebelwithoutaClue unregistered

It helps that an exploding battery lights up your face like a Xmas tree ;)

9. darkkjedii

Posts: 31328; Member since: Feb 05, 2011

Low blow, but a hella funny low blow. +1

10. Mxyzptlk unregistered

Wow, what a slick burn by the clueless rebel.

12. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

IKR? How they think infrared glass work in the dark. People don't really understand tech. They just think they do.

6. NarutoKage14

Posts: 1327; Member since: Aug 31, 2016

That's not a hack, that's simple observation combined with a little deduction.

7. AlikMalix unregistered

Yeah good luck, I unlock my phone with a finger on the home button. But I can easily figure out your pattern just by matching the finger smudges on your screen.

11. Mxyzptlk unregistered

Please don't tell me it's time to get a blackberry.

13. omnitech

Posts: 1131; Member since: Sep 28, 2016

If someone really wanted to, they can hack any smartphone. The question is are any of us here really that important for hackers to waste their time on? In most cases the answer is no. My automechanic teacher said he can break into any car if he really wanted to. The same probably applies to smartphones.

14. Arch_Fiend

Posts: 3951; Member since: Oct 03, 2015

Guess companies will just have to updater their software to disable the gyroscope when the display is locked.

15. phonehome

Posts: 812; Member since: Dec 19, 2014

My iPhone password is 1-2-3-4.

16. marorun

Posts: 5029; Member since: Mar 30, 2015

Good luck i only enter my password on my phone when i boot it up Otherwise i use my finger print scanner.

17. jc.wilcox

Posts: 14; Member since: Jul 14, 2014

Me too. But then I started to think, that now they will have to take your iphone and your thumb too. MMMM and those of the Note 5, they will have to take your eyeball too. I think it was a lot simpler when we all used the Nokias (like the 3310).

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.