The way you hold your smartphone could allow hackers to steal your PINs and passwords

If you thought that tilting your smartphone could keep it away from the prying eyes of hackers when you key in your PIN numbers and passwords, then you may want to think again?

A new research from Newcastle University reveals that users’ passwords could be exposed with just a tilt of their phone. Thanks to the motion sensors used in our smartphones and tablets.

The cybersecurity experts at Newcastle University were able to crack four-digit pins with 70% accuracy on the first guess and 100% accuracy by the fifth guess by just watching the movement of the device. This means that it is possible for the hackers to guess any passcode you enter for your banking app, social media accounts, Apple ID, etc.

Lead author Dr. Maryam Mehrnezhad, a research follow in the School of Computing Science, said: “Most smartphones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, rotation sensors and accelerometer.

“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.”

According to findings in the International Journal of Information Technology, there is no easy way of securing them from malicious programs.

Dr Mehrnezhad said: “On some browsers we found that if you open a page on your phone or tablet which hosts one of these malicious codes and then open, for example, your online banking account without closing the previous tab, then they can spy on every personal detail you enter.

“And worse still, in some cases, unless you close them down completely, they can even spy on you when your phone is locked.

“Despite the very real risks, when we asked people which sensors they were most concerned about we found a direct correlation between perceived risk and understanding.

“So people were far more concerned about the camera and GPS than they were about the silent sensors.”

The sensors which come as standard on most smart devices gave different information about the device and its user, said the research team. They were able to recognize 25 such different sensors.

Every user touch action on the phone such as clicking, scrolling, holding and tapping – prompted a unique orientation and motion trace and more on a known webpage, which helped the team identify which part of the page the user was clicking on and what they were typing.

All the major tech companies like Apple and Google have been notified of the risks but no one has been able to come up with a solution until now, added the team. This means that these sensors are likely to remain susceptible to hacks unless sensors are introduced on every single website and into app permissions.

If you wish to protect your privacy and keep yourself safe, it is advisable to stay away from clicking any untrusted links, close all background apps on the phone, uninstall those apps that you don’t need, and change your passwords and PINs on a regular basis.