NTU study shows security vulnerabilities in mobile phones’ sensors

SINGAPORE — How you tilt your phone and how much light your finger blocks when you key in your passcode could be giveaways for hackers trying to crack their way into your smartphone.

By taking Android phones and installing a custom application which collected data from six physical sensors found on the devices, a team of researchers from the Nanyang Technological University (NTU) managed to unlock phones with a 99.5 per cent accuracy within three tries, when tackling a phone that had one of the 50 most common pin numbers, said the NTU in a press statement on Tuesday (Dec 26).

The sensors include the accelerometer and gyroscope, used to detect the orientation of the phone by tracking rotation or twist; magnetometer, which lets the phone sense direction and location; proximity sensor, used to disable the touch screen when it detects the presence of a human ear; barometer that measures altitude; and ambient light sensor, which helps the phone automatically adjust its display brightness to conserve battery life.

“When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9, is very different. Likewise, pressing 1 with your right thumb will block more light than if you pressed 9,” explained Dr Shivam Bhasin, a senior research scientist at NTU’s Temasek Laboratories.

Using this logic, Dr Bhasin and his colleagues — Mr David Berend and Dr Bernhard Jungk — took 10 months to build an algorithm that was able to give different weightings of importance to each of the sensors, depending on how sensitive each was to different numbers being pressed.

The study’s 99.5 per cent success rate beats the previous best method of phone-cracking, which let a hacker gain access to a phone 74 per cent of the time when the 50 most common pin numbers are used.

NTU’s technique can also be used to guess all 10,000 possible combinations of four-digit pin numbers. When used to guess all 10,000 possible combinations, the experiments showed up to 83.7 per cent success within 20 tries.

NTU also noted that an attack might not be launched immediately after an app is installed as it would require time to collect enough data for the app to learn the user’s pin number entry pattern and launch an attack later when the success rate is much higher.

These findings were published in the open access Cryptology ePrint Archive earlier this month, with the researchers highlighting that physical sensors present a “significant flaw” in smart phone security as using the sensors within the phones require no permission to be given by the phone user and are openly available for all apps to access.

Director of the Temasek Laboratories, Professor Gan Chee Lip, said this study shows how devices with seemingly strong security can be attacked using a “side-channel”, as sensor data could be diverted by malicious applications to spy on user behaviour and help to access PIN and password information.

“Along with the potential for leaking passwords, we are concerned that access to phone sensor information could reveal far too much about a user’s behaviour,” Prof Gan added.

“This has significant privacy implications that both individuals and enterprises should pay urgent attention to.”

Dr Bhasin said it would be advisable for mobile operating systems to restrict access to these six sensors in future, so that users can actively choose to give permissions only to trusted apps that need them.

To keep mobile devices secure, Dr Bhasin advises users to have pin numbers with more than four digits, coupled with other authentication methods like one-time passwords, two-factor authentications, and fingerprint or facial recognition.