Overclock.net › Forums › Industry News › Software News › [bbc]Smartphone sensors reveal security secrets
New Posts  All Forums:Forum Nav:

[bbc]Smartphone sensors reveal security secrets

post #1 of 6
Thread Starter 
Quote:
Dr Adam J Aviv, a visiting professor at Swarthmore College in Pennsylvania, carried out the attacks by using data gathered by an accelerometer on a smartphone. Typically this sensor logs phone movements in three dimensions: side-to-side, forward-and-back and up-and-down.

The data gathered as the phone is moved is often used in games to steer or guide an onscreen entity such as a car or a ball.

Working with Matt Blaze, Benjamin Sapp and Jonathan Smith from the University of Pennsylvania, Dr Aviv realised that the data gathered by the accelerometer could also be used to work out where someone tapped on a screen when unlocking a gadget with a Pin or pattern.
source

Here's a link to the original white paper (PDF).

With so many applications having accelerometer access, this seems like a legitimate security issue.

from the abstract of the paper
Quote:
In controlled settings, our prediction model can on average classify the PIN entered 43% of the time and pattern 73% of the time within 5 attempts when selecting from a test set of 50 PINs and 50 patterns. In uncontrolled settings, while users are walking, our model can still classify 20% of the PINs and 40% of the patterns within 5 attempts.

Edited by hajile - 3/8/13 at 1:25pm
post #2 of 6
Genius.
post #3 of 6
This could be a huge concern for most online retail apps that store credit card information or online banking via the phone. :\
Quote:
Originally Posted by Add3r View Post

Genius.

Lol, far from it.
post #4 of 6
honestly? old news. (see http://arstechnica.com/apple/2011/10/researchers-can-keylog-your-pc-using-your-iphones-accelerometer/ , http://www.extremetech.com/mobile/92946-a-wiggly-approach-to-smartphone-keylogging , http://www.wired.com/wiredscience/2011/10/iphone-keylogger-spying/ , etc.) Non-touchscreen keys exhibit a different sound/vibration when pressed.

This is just the next level
Edited by AlphaC - 3/8/13 at 2:36pm
Workstation stuff
(407 photos)
SpecViewperf 12.0.1
(152 photos)
 
Reply
Workstation stuff
(407 photos)
SpecViewperf 12.0.1
(152 photos)
 
Reply
post #5 of 6
Thread Starter 
Quote:
Originally Posted by AlphaC View Post

honestly? old news. (see http://arstechnica.com/apple/2011/10/researchers-can-keylog-your-pc-using-your-iphones-accelerometer/ , http://www.extremetech.com/mobile/92946-a-wiggly-approach-to-smartphone-keylogging , http://www.wired.com/wiredscience/2011/10/iphone-keylogger-spying/ , etc.) Non-touchscreen keys exhibit a different sound/vibration when pressed.

This is just the next level

There's a huge difference. The idea of using vibrations to read keystrokes has a low chance of success in the best conditions while this idea succeeds on 1 in 5 tries under bad circumstances (and an app on your phone will get plenty of tries until such inputs are disabled during secure entry periods). The vibration idea relies on a dictionary for input, so non-dictionary passwords can't be detected while the pin entry relies on detecting a physical change that links 1 to 1 with a physical location and the "next level" here is using full keyboard detection.
post #6 of 6
I swear I have seen this exact news article posted somewhere on OCN before thinking.gif

But on topic I'm surprised something like that hasn't been "discovered" years ago. It's a pretty old technique similar to how it was done using phones with keypads.
    
CPUMotherboardGraphicsRAM
AMD Ryzen R5 1600 Asus PRIME B350 PLUS  AMD Radeon HD7950 16GB Corsair Vengence (2x8GB) 
Hard DriveHard DriveHard DriveOS
1TB WD Blue 500GB WD Blue 120GB Hitachi Windows 10 Pro 
MonitorMonitorKeyboardPower
LG 32LD450 Dell Ducky DK9008 OCN Edition Corsair TX650v2 
Case
Fractal Design Core 3000 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
AMD Ryzen R5 1600 Asus PRIME B350 PLUS  AMD Radeon HD7950 16GB Corsair Vengence (2x8GB) 
Hard DriveHard DriveHard DriveOS
1TB WD Blue 500GB WD Blue 120GB Hitachi Windows 10 Pro 
MonitorMonitorKeyboardPower
LG 32LD450 Dell Ducky DK9008 OCN Edition Corsair TX650v2 
Case
Fractal Design Core 3000 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [bbc]Smartphone sensors reveal security secrets