The ever-growing functionality of the smartphone has been discussed by IntaForensics in previous posts. From app usage to banking, so much of our personal data is available on the handheld device. A PIN or passcode is often the only wall between criminals and sensitive data, and cracking Apple’s iPhone security is no mean feat. But could there be a new way for others to uncover your PIN and access your phone?
The results of research announced this week have shown that sensors built into many smartphones can provide clues to the security code. The accelerometer, which records three-dimensional movement for apps and games, can record data on the way the device is tilted while the phone is being unlocked. Slight pressure on the device naturally causes it to move, meaning that patterns can be tracked depending on finger placement and the natural tilt of the device.
Dr Adam J Aviv, a visiting professor at Swarthmore College in Pennsylvania, USA, orchestrated the attack on a smartphone using accelerometer data. Assisted by Matt Blaze, Benjamin Sapp and Jonathan Smith, also from the University of Pennsylvania, controlled tests were conducted and the results were cross-referenced with a number of tap and swipe records previously collected. This created an accelerometer “dictionary”.
As this research is in the early stages of development, the software it produced did not achieve completely accurate hit rates; however, accuracy increased as more guesses were allowed. After five guesses it could identify 43% of PINs and 73% of patterns. This was based on codes chosen from a set of 50 numbers and patterns.
The complexity of the PIN lock encryption, as discussed in our previous blog, makes accessing devices difficult. But does this provide an alternative option for hackers and malware? Kevin Mahaffey, chief technology officer at mobile security firm Lookout, states that “More sensors on smartphones equals a lot more data flowing through these devices, which means protecting them is even more critical”.
Criminal activity continues to adapt and change in parallel with technological advancements. This appears to be the first true exploit of the accelerometer technology. What would happen if this were in the wrong hands? Could this be the next threat in accessing our sensitive information?