Malicious software uses camera and mic to reveal your PIN code

Researchers have warned the BBC about an unusual security issue in smartphones that could allow wrongdoers to take advantage of your hardware while you enter your most valuable PIN codes. Prof Ross Anderson and Laurent Simon, the authors of a recent report, stated that by using a program called PIN Skimmer, they were able to reveal PIN codes on devices such as the Google Nexus S and the Galaxy S3.

The program takes control of your front-facing camera and microphone, then watches your face and "listens" for touch events as you enter your PIN code on the virtual keypad. The collected data is then used to compare the orientation of the phone in relation to the user's face and determine which keys were pressed.

"We watch how your face appears to move as you jiggle your phone by typing. It did surprise us how well it worked," admitted Professor Ross Anderson.

Nowadays, when more and more people access their banking accounts via their smartphones, the need for additional security measures is greater than ever. The researchers suggest that smartphone users should either use longer, more complex PIN codes or randomize the position of the digits in order to minimize the risk of falling victim to malicious software. It is also suggested that facial recognition or fingerprint scanning should be used if available.

Earlier this year, another security flaw allowed malicious third-party apps to gather data from the smartphone's accelerometer sensors and use it to guess PIN codes and screen lock patterns. Have you ever experienced any similar security issues with your smartphone and the precious data you store?

source: BBC News



1. scriptwriter

Posts: 396; Member since: Nov 13, 2012

Easiest way around this: Cover up the front camera while unlocking your phone and keep keypad tones off. Also, this is why we need true orientation on phones, similar to what we have on tablets. This would make it even harder to use this method.

3. tomn1ce

Posts: 247; Member since: Mar 12, 2012

I was thinking the same thing as I was reading the article. Why not just cover the front-facing camera?

2. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Right so someone has to go through the effort of getting my pin to do what with it... Since I still have the phone. And alphanumeric passwords more than 8 characters are not gonna be guessed by this at all because your eyes can be looking at half the keyboard at any one moment. Also, if you are going through all this effort... Why not just use a key logger since you can probably make one with 5 lines of code instead of the ridiculous heuristics needed for their method? Who comes up with this bs? They either needed filler publications or someone paid them to bs for them?

4. RebelwithoutaClue unregistered

Call me a niggler, but why does it show an iPhone screen in the picture when the malware only works on two specific Android phones?
