A team of scientists at Newcastle University in the U.K. was able to guess a user’s phone PIN code with nothing more than data from the device’s sensors.
In a paper published in International Journal of Information security, researchers demonstrated how a phone’s gyroscope — the sensor that tracks the rotation and orientation of your wrist — could be used to guess a four-digit PIN code with a high degree of accuracy. In one test, the team cracked a passcode with 70 percent accuracy. By the fifth attempt, the accuracy had gone up to 100 percent.
“Most smartphones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer,” said Maryam Mehrnezhad, lead author on a paper describing the research.
“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.”