NEWCASTLE, England—Crooks can steal personal information, such as PINs and passwords, simply by “listening in” on how people manipulate their phones as they type on keypads.
Researchers from New Castle University in the U.K. have found that the tiny movements people make when they type can be analyzed with a high degree of accuracy by crooks who can determine which letters and numbers are keyed in.
That data comes from the smartphone’s GPS, accelerometer, gyroscope and other sensors, which also make mobile gaming and fitness tracking possible by charting a phone’s movement.
"Most smartphones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer," said Maryam Mehrnezhad, a research fellow in the School of Computing Science at New Castle and lead author on the study, in a report by Stuff.co.nz. "But because mobile apps and websites don't need to ask permission to access most of them, malicious programs can covertly 'listen in' on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords."
The study revealed that crooks are likely to achieve 70% accuracy in the first guess of a keystroke, and 100% accuracy by the fifth guess.