“Most smart phones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer,” Dr Maryam Mehrnezhad, a Research Fellow in the School of Computing Science at Newcastle University, explained.“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.”Dr Mehrnezhad and her colleagues have proven the viability of the attack by creating a JavaScript file that can gather sensor data and embedding it into a web page. As soon as a test subject on a mobile phone visited the site, the code started listening to the motion and orientation sensor streams (without needing any permission from the user). Finally, by analysing these streams, it infers the user’s PIN with the help of an artificial neural network.
Attackers can steal phone users’ PINs tapping data collected by mobile sensors
Categories: Uncategorized
absenteereality 