Security researchers have discovered a brand new method that hackers can potentially use to unlock and compromise a user's smartphone using just the device's sensors. According to researchers at Nanyang Technology University (NTU) in Singapore, information gathered from six different sensors in smartphones paired with machine learning and deep learning algorithms could be used to unlock Android smartphones within only three tries.
When attempting to crack a phone that had one of the 50 most common PIN numbers, researchers said their method worked 99.5% of the time and could be used to guess all 10,000 possible combinations of 4-digit PINs.
While every new generation of smartphones brings a slew of new innovative features from health trackers, augmented or virtual reality and more that require additional advanced physical sensors.
"However, the security countermeasures and the privacy protections implemented in smartphones are not improved at the same pace," researchers noted in a paper published in the open-access Cryptology ePrint Archive. "One problem is that the pool of sensors embedded in smartphones may unintentionally leak sensitive information.
"For example, sensors that are accessible without user permissions, so-called zero-permission sensors may be exploited by an attacker, without the knowledge of the user... to extract cryptographic keys."
The researchers used six sensors to identify a smartphone's 4-digit number sequence including the magnetometer, accelerometer, ambient light sensor, gyroscope, proximity sensor and barometer.
"When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9, is very different. Likewise, pressing 1 with your right thumb will block more light than if you pressed 9," lead researcher and NTU senior research scientist Dr Shivam Bhasin said.
In this study, three people were asked to enter a random set of 70 four-digit PIN numbers on a phone. The team trained a machine learning classification algorithm using the data collected. It also recorded the sensor reactions as well.
The deep learning algorithm was then able to assign different weightings of importance to each sensor, depending on how sensitive it was to the number being pressed. As more data was collected and fed to the algorithm, its success rate improved, the team noted.
"While a malicious application may not be able to correctly guess a PIN immediately after installation, using machine learning, it could collect data from thousands of users over time from each of their phones to learn their PIN entry pattern and then launch an attack later when the success rate is much higher," researchers noted.
Professor Gan Chee Lip said their findings highlighted how seemingly insignificant side-channels can be exploited to infiltrate even strong smartphone security settings and safeguards.
Hackers could potentially install a malicious app that may not get it right on the first try, but could eventually guess a user's PIN code using machine learning.
Researchers have called for mobile OS to restrict access to the six vulnerable sensors in the future and give users to ability to choose to give permissions to trusted apps that require them. Users have also been advised to have longer PINs with more than four digits together with other security measures such as two-factor authentication, one-time passwords and facial or fingerprint recognition.
"Along with the potential for leaking passwords, we are concerned that access to phone sensor information could reveal far too much about a user's behaviour," Professor Gan said. "This has significant privacy implications that both individuals and enterprises should pay urgent attention to."