Study reveals motion-sensor data can be treasure trove for hackers

There’s a lot to be concerned about when it comes to data protection. We already have the ‘Snoopers’ Charter’ here in the UK, while proposals for relaxed data laws in the US could set the scene for looser privacy regulations around the world. At times it can feel like everyone is out to get our personal information, and unfortunately, digital hypochondriacs might have a bit more to worry about when it comes to data security.

A new study by a team of cybersecurity researchers in Newcastle has revealed it’s possible to guess an individual’s password simply by analysing how a device moves when in use. The smartphone moves in a slightly different way depending on which part of the screen is pressed, and from there bank details, passwords and PINs were all discoverable to researchers via a JavaScript exploit. Said exploit allowed researchers to access movement data via a breach that worked on smartphones, tablets or even wearables such as smartwatches.

Not only are these results concerning, the researchers disclosed that this process worked at the very first attempt 70% of the time. Worryingly, the success rate increased to 100% by the fifth guess, meaning this is a pretty high priority in the data security game.

But how was this is all possible? Whether it’s a smartphone, tablet or wearable, smart devices are packed full of sensors. Many will have heard about the possibility of hacking into GPS, utilising a user’s camera or gaining access to a device’s microphone. However, there are a multitude of other sensors inside a smartphone, including the likes of NFC, gyroscopes and rotation sensors.

Newcastle University’s cyberteam was able to hack into these sensors, and much like location data, it can reveal plenty of personal insights about a particular user.

As this was found in an academic study, there’s no reason to believe it has actually been exploited in the wild. And hopefully it never will be: Apple’s Safari browser has partially fixed the problem, as has Mozilla Firefox, while Google is currently working on solving the issue for Chrome. The Newcastle team is also reportedly working with the tech industry for a more long-term resolution.

Source:http://www.alphr.com/security/1005751/study-reveals-motion-sensor-data-can-be-treasure-trove-for-hackers