Tilt your phone? Hackers can steal your passwords
You’re always discreet when you type your PIN at the card machine. You’re even careful when entering your passcode into your phone.
Now though, criminals can hack into your accounts simply by monitoring the way you tilt your device.
What’s more, they can do it from anywhere in the world.
How the hack works
As we mentioned last week, if a device has a camera, it’s possible to hack it.
The same goes for the data collected by your smartphone’s motion sensors, which record second-by-second information about every minute movement you make with your phone.
This might sound harmless, but a team of computer scientists have now proved they can guess a passcode just from monitoring this gyroscope data.
On the first attempt, the programme they created correctly guessed a code 70% of the time, they explain in Information Security.
By the fifth attempt it was right 100% of the time.
This isn’t just about getting the code to unlock your smartphone.
It could well be possible for hackers to guess any passcode you enter — for your banking app, or Apple ID — if they are able to collect enough information.
The hack becomes even more problematic when you consider how often people duplicate passwords: ask yourself, what else do you use your smartphone PIN for?
How you can prevent it
In this case, the researchers’ hacking program ran off a dodgy webpage. It would keep collecting data for as long as the page was open in the background. You would not be alerted to its access of your sensors.
“You could accidentally open a website, or click on an advert in it, and suddenly it would be recording all sensor data, motion and orientation, and saving it to the cloud where it can later have access,” said Dr Maryam Mehrnezhad, one of the researchers from Newcastle University.
To prevent this, you should obviously try to steer clear of untrusted links. You should also close background apps, uninstall those you don’t need, and change your PINs regularly, Mehrnezhad advises.
Until biometric passwords take over, tilting your smartphone simply isn’t safe.
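
For site operators, a check that follows from the webpage-and-advert scenario described above (an added example, not code from the researchers or from this article): the script audits a Permissions-Policy response header to see whether the browser features accelerometer, gyroscope and magnetometer are restricted for embedded third-party content. The function names are hypothetical and the header values are constructed samples.

```javascript
// Added example: audit a Permissions-Policy header for motion-sensor features.
const MOTION_FEATURES = ["accelerometer", "gyroscope", "magnetometer"];

// Parse "feature=allowlist, feature=allowlist" into a Map of feature -> tokens.
function parsePermissionsPolicy(header) {
  const policy = new Map();
  for (const part of header.split(",")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // skip malformed directives
    const feature = part.slice(0, eq).trim().toLowerCase();
    // Drop any ";param" suffix, then unwrap an inner list such as (self "origin").
    let value = part.slice(eq + 1).split(";")[0].trim();
    if (value.startsWith("(") && value.endsWith(")")) value = value.slice(1, -1);
    if (feature) policy.set(feature, value.split(/\s+/).filter(Boolean));
  }
  return policy;
}

// Classify one feature as "denied", "self-only", "third-party", "all" or "unset".
function classify(policy, feature) {
  if (!policy.has(feature)) return "unset"; // not mentioned: flag for review
  const tokens = policy.get(feature);
  if (tokens.length === 0) return "denied"; // empty allowlist: ()
  if (tokens.includes("*")) return "all";
  if (tokens.every((t) => t === "self")) return "self-only";
  return "third-party"; // at least one other origin is allowed
}

function auditMotionSensors(header) {
  const policy = parsePermissionsPolicy(header || "");
  const report = {};
  for (const f of MOTION_FEATURES) report[f] = classify(policy, f);
  // Pass only when every motion sensor is explicitly denied or same-origin only.
  report.ok = MOTION_FEATURES.every((f) =>
    ["denied", "self-only"].includes(report[f]));
  return report;
}

// Constructed sample headers, not taken from any real site.
const hardened = "accelerometer=(), gyroscope=(), magnetometer=(self)";
const weak = 'accelerometer=*, gyroscope=(self "https://ads.example"), camera=()';
console.log(auditMotionSensors(hardened));
console.log(auditMotionSensors(weak));
```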