Skip to content

Report: Hackers could steal your PIN and passwords by accessing your device’s motion sensors

According to a group of scientists at Newcastle University in the UK, keeping your PINs and passwords safe is no longer the most you can do when it comes to device security.

The institution’s study showed that when a user inputs a password or PIN, the motion sensors on a device will create a distinct pattern. The repetition of such action could allow hackers to identify when a password was being entered and could use data to crack the code on an iPhone.

However, there’s still approaches users can take to improve their chances of not being hacked. The testing saw the team crack four-digit PINs first-time 70 percent of the time, while the codes were cracked 100 percent of the time by the fifth guess. Of course, most iPhone’s and iPads now require a six-digit passcode, so if you haven’t upgraded to the six-digit passcode on your device, we’d recommend doing so.

Read our Digital Security 101 guide for more information.

Lead author of the study Dr. Maryam Mehrnezhad goes into further detail:

“Most smart phones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer.

But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.

More worrying, on some browsers, we found that if you open a page on your phone or tablet which hosts one of these malicious code and then open, for example, your online banking account without closing the previous tab, then they can spy on every personal detail you enter.

And worse still, in some cases, unless you close them down completely, they can even spy on you when your phone is locked.”

Again, Apple users might be luckier than their Android counterparts. The researchers had already informed a variety of browser-makers about the vulnerability and Apple has since patched the issue in its Safari browser. However, Google, which makes Android, is yet to implement a proper fix.

Source: Engadget, Newcastle University