Researchers at Newcastle University in England recently published a paper that demonstrates how device sensors can leave mobile phones vulnerable to hacking.
As reported by TechCrunch, the team of researchers at Newcastle University used data collected by hardware tracking systems within mobile phones to successfully crack four-digit pins with a 70 percent accuracy on the first try and 100 percent accuracy by the fifth try.
The lead researcher of the paper, Dr. Maryam Mehrnezhad spoke to TechCrunch about the team’s findings, saying “having access to these sensors, either via the native apps, which you can install on your phone or a web application — it’s not like they always ask permission. So, these sensors, which are related to your identity, like your microphone, camera or GPS, but for a lot of these new sensors, none of them ask for permission. And a lot of users don’t know that the web application has access to it.”
According to the paper, hackers can use the data to determine multiple details about the user of the device, such as whether or not the user is sitting, walking or traveling in a car or train by accessing the phone’s GPS information. Mobile browsers have proven to be one of the biggest issues when it comes to device vulnerabilities according to the report. If a user accesses a site with malicious code or viruses attached, hackers can gain access to phone leaving it open to sensor monitoring even when the browser is closed.
Dr. Mehrnezhad told TechCrunch that major mobile manufacturers are aware of these issues, “All mobile platforms[…] are aware of this problem,” she says. “We reported it to them, and ever since we’ve been in touch with them, we’ve been trying to fix this problem together. It’s still ongoing research on both sides. But we’re in contact with these communities to figure out the best solution.”
Dr. Mehrnezhad warned that the issue will only become worse as more devices become connected to the internet through wearable technology and smart home appliances. Dr. Mehrnezhad and her team suggested that users regularly change their phone PINs and quit all apps not currently in use to safeguard against possible cyber attacks.