Research: Smartphone sensors data can reveal your PIN
Even if some people may have stolen your smartphone, they may not have much benefit to them if they do not know your password. Researchers from Nanyang Technological University in Singapore have now created a system that correctly guesses the phone’s PIN based on the information provided by the sensor.
Under the leadership of Dr. Shivam Bhasin, the research team “trained” the system by having three people randomly enter 70 four-digit PIN numbers on Android smartphones. A special application is installed on each phone that collects data from accelerometers, gyroscopes, magnetometers, proximity sensors, barometers and ambient light sensors.
Researchers then used depth learning algorithms to analyze the data, matching specific sensor readings to specific numbers on the screen keyboard. Bhasin explains: “When you hold your phone and enter your PIN, the phone moves differently when you press 1, 5, or 9. Also, pressing 1 with your right thumb down will be slower than pressing 9 Block more light. ”
When the system guesses a four-digit PIN based on the sensor’s response, the accuracy is 99.5% (no more than three attempts) when unlocking a phone that uses one of the 50 most-used PINs.
Bhasin believes it is conceivable that people may unwittingly use technology to download malware to their phones. After accessing the phone’s sensor and obtaining the user’s PIN, the program transmits the information to the person who can unlock the phone.
To prevent this from happening, he suggested that the phone’s operating system limit access to the phone’s sensors so that users can only grant permissions to trusted applications.
Cryptology ePrint Archive paper on the study was published.