If we are to take a closer look at a smartphone’s specifications brochure, we would, undoubtedly, find out that it has many features, including several sensors which help the user find his way through today’s fast-paced world of electronic devices.
A single smartphone can house up to 25 sensors such as a gyroscope, accelerometer, proximity sensor, ambient light sensor, digital compass, and much more. While it’s desirable to have a phone with all the bells and whistles, one would often question if this choice is safe, security-wise.
According to a new study from the Newcastle University, it would appear that even smartphone sensors can be used in order to steal sensitive information like PINs or to spy on the user.
Dr. Maryam Mehrnezhad, a computer scientist and the author of the recently published study on smartphone sensors, declared that many of the apps available on the web, like games or fitness applications, need to access the smartphone’s sensors, but they seldom ask the user for permission.
What’s even more worrying, according to Dr. Mehrnezhad, is the phone users don’t even care about the phone’s sensors being accessed by the application. This can open the door to potentially dangerous codes which can steal sensitive information, like bank accounts or used to spy on the owner without he or she realizing what’s happening.
The Newcastle University scientists explained that data being handled by the phone’s sensor could be used to reconstruct certain types of actions, like what kind of pattern the owner uses when he locks his phone or what PIN was used during the Internet banking login session.
To prove that sensors can also be used to serve nefarious purposes, Dr. Mehrnezhad and her team set up a little experiment. Its purpose was to guess a phone’s PIN using sensor data. The results of this rather unusual experiment reveal that the scientists managed to guess the PIN on the first attempt with a 70 percent accuracy and with 100 percent accuracy during the fifth attempt.
So, what can we do in order to protect ourselves against this new threat? According to the study’s author, the best way to make sure we don’t entice an uninvited guest to mess around with our data is to make sure all applications are closed. Another good piece of advice is to uninstall any unnecessary applications or those we haven’t used for some time.
Image source: Flickr