Security researchers have documented a way to recover the PIN that unlocks a target’s phone using readings from “zero-permission” sensors. Apps can read sensors such as the accelerometer and gyroscope without requesting any special permission, and those readings can be used to deduce your PIN.
Most smartphone hardware is protected against ordinary access by apps unless you’ve explicitly granted permission. If you’ve ever used an app that needs camera or microphone access, you’ll have seen a prompt to enable the functionality. Some sensors, including the accelerometer, barometer, proximity sensor and ambient light sensor, aren’t protected in this way, ostensibly because they’re non-critical and can’t intrude on your privacy.
A paper from researchers at the Nanyang Technological University (NTU) in Singapore suggests this lack of security might need to be reconsidered. As Sophos’ Naked Security blog explains, the researchers managed to correctly guess Android smartphone PIN codes with a 99.5% accuracy using data obtained from the “non-critical” sensors.
Because the sensors in modern smartphones are so accurate, the information they provide is sufficient to monitor a user’s activity. By looking at whether you’re moving, what angle you’re holding your phone at and basic environmental details, an attacker could glean enough clues to work out your PIN code.
The proof-of-concept attack demonstrated by the researchers analyses how a phone moves as the user enters their PIN code. Because each digit sits in a standard location on the screen, the rotation and tilt of the phone provide clues that identify the key being pressed. Most users cause their phone to move in distinct ways as they reach for the top digits and apply pressure to the screen.
Functionality over security
The researchers said that smartphone manufacturers should reconsider how they’re protecting the sensors being added to new devices. Hardware products such as fitness trackers and VR devices are dependent on the output from sensors. However, leaving physical sensors unprotected could give attackers a way to compromise phones without the owner ever suspecting.
“New technologies, such as health trackers, augmented or virtual reality, require more and more computing power and an increasing number and quality of physical sensors, to advance the user experience,” wrote the researchers. “However, the security countermeasures and the privacy protections implemented in smartphones are not improved at the same pace.”
The proof-of-concept attack could be implemented by malicious actors using a fake app. This could use machine learning techniques to accurately guess PIN codes after watching the user unlock their device several times. The only way to ensure protection is for mobile operating system vendors to place permissions around all physical sensors, giving users control over the apps that can use them.