Snooping on movement can reveal smartphone PINs
Accelerometer as attack vector
It’s not the first time boffins have proposed the use of smartphone accelerometers as an attack vector, but this one is scarily efficient: with as few as five guesses, Swarthmore College researchers say they can use phone movements to reveal user PINs.
As noted in his paper (PDF: Practicality of Accelerometer Side Channels on Smartphones), lead author Dr Adam Aviv says phones’ movements have been investigated as an attack vector before. Prior work has, however, used the phone’s gyroscope – or a combination of gyro and accelerometer – as the input sensor, and with relatively low accuracy (he cites a test whose worst case needed 81 guesses to arrive at the correct PIN).
This new study collected 9,600 samples from 24 users both sitting and walking, and tested both pinpad and swipe-pattern data entry. The data-gathering apps installed on the test phones captured the phones’ movements during PIN/swipe entry, and matched these against a database of known patterns:
“In controlled settings ... [with the participants sitting still] our prediction model can on average classify the PIN entered 43% of the time and pattern 73% of the time within 5 attempts when selecting from a test set of 50 PINs and 50 patterns. In uncontrolled settings, while users are walking, our model can still classify 20% of the PINs and 40% of the patterns within 5 attempts.”
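To make the quoted metric concrete, here is an added toy illustration (not the paper's code, and built on constructed synthetic "movement" feature vectors rather than real sensor traces): a nearest-centroid model ranks the 50 candidate PINs for each trace, "within 5 attempts" counts a hit when the true PIN is among the first five guesses, and the noise level stands in for sitting versus walking. It also prints the unassisted random-guess baselines for the closed 50-PIN test set and for the full 10,000 four-digit space, which is the comparison that decides how impressive such a number is.

```python
import math
import random

def make_samples(n_pins, per_pin, noise, rng):
    """Constructed data: every PIN has a fixed 6-value 'movement signature';
    each entry trace is that signature plus Gaussian noise (more when walking)."""
    signatures = [[rng.uniform(-1, 1) for _ in range(6)] for _ in range(n_pins)]
    return [(pin, [v + rng.gauss(0, noise) for v in sig])
            for pin, sig in enumerate(signatures) for _ in range(per_pin)]

def train_centroids(samples):
    """Model = per-PIN mean feature vector learned from labelled traces."""
    sums, counts = {}, {}
    for pin, feats in samples:
        acc = sums.setdefault(pin, [0.0] * len(feats))
        for i, v in enumerate(feats):
            acc[i] += v
        counts[pin] = counts.get(pin, 0) + 1
    return {pin: [v / counts[pin] for v in acc] for pin, acc in sums.items()}

def rank_candidates(feats, centroids):
    """Candidate PINs ordered most-likely first (smallest Euclidean distance)."""
    def dist(c):
        return math.sqrt(sum((a - b) ** 2 for a, b in zip(feats, c)))
    return sorted(centroids, key=lambda pin: dist(centroids[pin]))

def top_k_accuracy(test, centroids, k):
    """Fraction of test traces whose true PIN appears within the first k guesses."""
    hits = sum(1 for pin, f in test if pin in rank_candidates(f, centroids)[:k])
    return hits / len(test)

def random_baseline(space_size, k):
    """Success chance of k unassisted guesses over a space of space_size PINs."""
    return k / space_size

def run_condition(noise, seed=1, n_pins=50, per_pin=8, k=5):
    """Train on half of each PIN's traces, report top-k accuracy on the rest."""
    rng = random.Random(seed)
    data = make_samples(n_pins, per_pin, noise, rng)
    train = [s for i, s in enumerate(data) if i % per_pin < per_pin // 2]
    test = [s for i, s in enumerate(data) if i % per_pin >= per_pin // 2]
    return top_k_accuracy(test, train_centroids(train), k)

if __name__ == "__main__":
    for label, noise in (("sitting (low noise)", 0.3), ("walking (high noise)", 0.8)):
        print(f"{label}: top-5 accuracy {run_condition(noise):.2f}")
    print("5 random guesses, closed set of 50 PINs:", random_baseline(50, 5))
    print("5 random guesses, all 4-digit PINs:", random_baseline(10_000, 5))
```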
The paper suggests that accelerometer data should be denied to untrusted applications “when sensitive touchscreen input is being provided to other applications” – noting, however, that the all-or-nothing model for trusting Android applications is insufficient to protect against such attacks.
The phones tested in the study were the Nexus One, Nexus S, HTC’s Droid Incredible, and the T-Mobile G2. ®
PIN code, but with a randomised keypad instead of a standard layout. If the location of, say, the number "4" changes every time the PIN is entered then this attack is rendered pretty much moot.
No swiping for unlocking please
On the tram in the morning I can easily follow the swipe codes of someone a few metres away. The image that it creates is easy to visualise and remember. For some strange reason many people tend not to hide their screen from prying eyes at that moment.
The viewing angle on some phones is also quite large, which doesn't help in hiding what's being typed/swiped on those LARGE dots/numbers.
If you had 50 marbles, numbered 1 to 50, there would be a 10% chance of selecting a specific desired number with any 5 random selections from a set of 50. So 43% is only four times better than random guessing. Does the software know what the valid 50 numbers are, and pick the closest match? If so, the results are not impressive.
Whoa there... the number 50 is the size of their test sample, and nothing to do with the number of possible PINs, so your probability calculation is meaningless. In other words, their program is being asked to guess what the PIN is, and not "guess which one of these 50 known patterns/PINs we've given you".
The way you should look at it is that each random PIN guess (having no accelerometer hints) would be right 1/10,000 of the time (i.e. 0.0001). If they can guess the PIN 43% of the time with 5 guesses, then their success rate per guess is 0.43 / 5 or 0.086. So in fact their ability to guess a PIN is actually 0.086 / 0.0001 = 860 times better than chance, not four times better!