



A typical SmartPhone comes with a number of sensors, like a microphone, camera, proximity sensor, fingerprint reader etc., for a better user experience and more features. A high-end SmartPhone comes with additional sensors like magnetometers, barometers and thermometers, and even sophisticated motion-sensing hardware like accelerometers and gyroscopes. But did you know that these smartphone sensors can lead to a potential compromise of your personal data, including sensitive information like passwords? This post explains the security and privacy concerns of the growing number of SmartPhone sensors.





How SmartPhone Sensors can be leveraged to Hack Passwords.





A recent study conducted by Newcastle University shows that the motion sensors found in Android SmartPhones could let an attacker obtain users' security PINs. The researchers have proposed a JavaScript tool named PINlogger.js, which is a JavaScript-based side channel attack vector. It can be embedded into websites controlled by attackers, and when an unsuspecting user visits the web page, it starts to listen to the motion and orientation sensors. This doesn't require any permission from the user and thereby works in stealth mode. The data thus collected is analyzed using an artificial neural network to infer the user's PIN.





Attack Methodology





According to the researchers, PINlogger.js can be embedded in web pages as well as in standalone apps that can be installed on user devices. The study was conducted on Chrome on an Android device (Nexus 5), involving 10 users, each entering all 50 4-digit PINs 5 times. It was able to guess the PIN 70% of the time on the first try, and the success rate reached 100% by the fifth try. These results are rather concerning, as the PIN guessing and success rates are extremely high.





Image credits: https://link.springer.com/article/10.1007/s10207-017-0369-x





Should the users be worried about the SmartPhone Sensor monitoring attack?





Yes and No. Neural networks are used here, and practically deploying one to target a user requires a good amount of training data. Moreover, the user has to keep a web page with the malicious JavaScript injected open in the background and then enter PINs repeatedly for the guessing to succeed. However, this SmartPhone sensor attack is successful mostly at guessing PINs, and in most instances a simple 4-digit code is used for ATM PINs, NFC-based payment systems, etc. People use predictable and easy-to-remember sets of digits like 0000, 1234, 1111 etc. as PINs, so a sophisticated neural network may not always be required to pull off a successful attack.





Possible solutions against SmartPhone Sensor based attacks.





Since the vulnerability is due to the SmartPhone sensors being misused, one possible solution suggested by the researchers is to restrict, through permissions, how these sensors are accessed by apps and websites. Other suggested solutions are:

Use longer PINs.

Change PINs often.

Check the app permissions before installation.

Stop apps from running in the background unless necessary.

Adopt other methods of authentication.
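On the web side, the permission restriction mentioned above is expressed by the HTTP Permissions-Policy header, which a site operator sends to control which documents and frames may use the accelerometer, gyroscope and magnetometer (the features PINlogger.js listens to). The following JavaScript is an added example, not code from the post or from the researchers: it parses such a header, reports which motion-sensor features are still reachable, and builds the hardened value; the sample header values are constructed. Note that this header only protects the operator's own pages and the third-party frames embedded in them, not a page the attacker controls, which is why the researchers also point at browser- and platform-level restrictions.

```javascript
// Added example (not part of the original post): audit a Permissions-Policy header
// for the motion-sensor features a sensor-based PIN inference script relies on.
// Feature names are the real Permissions-Policy names; sample headers are constructed.
const MOTION_FEATURES = ["accelerometer", "gyroscope", "magnetometer"];

// Parse `feature=(allowlist)` directives into { feature: [tokens] }.
// "()" denies the feature everywhere, "*" allows any origin, "self" allows
// the page's own origin, and quoted strings are specific origins.
function parsePermissionsPolicy(header) {
  const policy = {};
  for (const directive of header.split(",")) {
    const eq = directive.indexOf("=");
    if (eq === -1) continue;                      // malformed directive, skip it
    const name = directive.slice(0, eq).trim().toLowerCase();
    let value = directive.slice(eq + 1).trim();
    if (value.startsWith("(") && value.endsWith(")")) value = value.slice(1, -1);
    policy[name] = value
      .split(/\s+/)
      .filter(Boolean)
      .map((token) => token.replace(/^"|"$/g, ""));
  }
  return policy;
}

// Return one finding per motion-sensor feature that is NOT fully denied.
// A missing directive falls back to the browser default allowlist ("self"),
// which still lets the top-level page and same-origin frames read the sensors,
// so it is reported too. An empty array means all three features are denied.
function auditMotionSensors(header) {
  const policy = parsePermissionsPolicy(header);
  const findings = [];
  for (const feature of MOTION_FEATURES) {
    const allowlist = policy[feature];
    if (allowlist === undefined) {
      findings.push(`${feature}: no directive (browser default allowlist: self)`);
    } else if (allowlist.length > 0) {
      findings.push(`${feature}: allowed for ${allowlist.join(" ")}`);
    }
  }
  return findings;
}

// The header value that denies motion sensors to the page and every frame in it.
const HARDENED_HEADER = MOTION_FEATURES.map((f) => `${f}=()`).join(", ");

// Constructed example of a weak header: analytics frame may read the accelerometer,
// gyroscope is denied, magnetometer is left at the browser default.
const WEAK_HEADER = 'accelerometer=(self "https://analytics.example"), gyroscope=()';
console.log(auditMotionSensors(WEAK_HEADER));     // two findings
console.log(auditMotionSensors(HARDENED_HEADER)); // []
```

Chromium-based browsers also gate the legacy devicemotion and deviceorientation events on these same three policies, so denying them covers both the Generic Sensor API and the event-based access path.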





Source & Technical Details : https://link.springer.com/article/10.1007/s10207-017-0369-x



