Online Data Privacy: Credit Card Details Can Be Gathered Using Smartphone Sensors, Research Says
Every time you enter your credit card details on your smartphone, you might be rendering yourself susceptible to hackers. Research by a team at the University of Newcastle, United Kingdom, has found hackers might be able to decipher your PINs and passwords just from the way you tilt your phone while typing the information.
“Most smart phones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer. Because mobile apps and websites don't need to ask permission to access most sensors, malicious programs can covertly "listen in" on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords,” Maryam Mehrnezhad, a research fellow in the school of computing science, University of Newcastle, and lead author on the paper, explained in press release Monday.
Read: Has Your Credit Card Been Compromised In The Staples Data Hack?
According to the research, malicious websites and apps can be used to spy on the user and retrieve the information from the activity recorded by the motion sensors when the user was entering private data. The researchers simply analyzed the data from the motion sensors and then tried to crack four-digit PINs — they achieved 70 percent accuracy on the first try and 100 percent by the fifth.
The research said there are 25 different sensors on smartphones which could be used for recording private data. All these sensors together create a chunk of data, which when analyzed, could provide a lot of personal data. Each user action — clicking, scrolling, holding and tapping — creates its own "motion trance" and could be use to decipher what the user was typing on a webpage.
"It's a bit like doing a jigsaw - the more pieces you put together the easier it is to see the picture," Siamak Shahandashti, co-author on the study, said.
This information can be obtained by hackers even when the phone is locked. The team behind the study has already disclosed its findings to tech companies such as Apple and Google, but is yet to receive a solution from them.
Read: Target Customers' Credit And Debit Card Information Stolen, Including PINs
"It's a battle between usability and security," Mehrnezhad said, “We all clamor for the latest phone with the latest features and better user experience but because there is no uniform way of managing sensors across the industry they pose a real threat to our personal security. One way would be to deny access to the browser altogether but we don't want to lose all the benefits associated with in-built motion sensors," she added, summing up the quagmire of smartphone users. She also suggested following some simple rules to keep data safe.
- Make sure to change PINs and passwords regularly so malicious websites can't start to recognize a pattern.
- Close background apps when you are not using them and uninstall apps you no longer need
- Keep your phone operating system and apps up to date
- Only install applications from approved app stores
- Audit the permissions that apps have on your phone
- Scrutinize the permission requested by apps before you install them and choose alternatives with more sensible permissions if needed
© Copyright IBTimes 2024. All rights reserved.