Are Smartphones and Sensors a Security Risk? Let’s look at the average cellular phone… Did you know that it is outfitted with a gyroscope, barometer, light sensors, camera, microphone, GPS sensors, accelerometer, magnetometer, proximity sensors, fingerprint sensor, pedometer, heart rate sensor, capacitive touch sensors.
Smartphones and Sensors
Sensors raise the consciousness of our smartphones. With mobile sensors becoming smaller and more sophisticated—and new types of sensors coming onto market—what we’re seeing today is only the beginning in the era of self-aware devices. More is waiting around the corner.
Truly the technology that is now jam packed into modern smart phones is an extreme testament to the genius of all the engineers who designed the instruments over the past few years.
Smartphones and Sensors Security
Of course this raises the issue of Cyber security, a concept that’s been around for decades, but public understanding of the risks we face every day is tenuous at best. For example, did you know that the sensors in your phone can give away your PIN to thieves? Did you know that all it takes to put your sensor data in the wrong hands is to visit the wrong website?
Many of these sensors provide useful information for how you use your phone and how it maintains itself for your maximum benefit. Prudent battery usage, mobile responsive interfaces that respond to how you hold your phone, search results that are tailored to your physical location—all of these helpful features are possible thanks to sensor data.
But the information these sensors gather can be used in ways we may not be aware of—and may not be comfortable with.
A look at the various components and sensors in an iPhone 6 diagram. Image courtesy of Semiconductor insights.
Data-Gathering Tools and Unintended Consequences
It’s no mystery why so many sensors are being added to smartphones and other devices. In this landscape of competing tech companies and increasingly complex electronics, adding functionalities to devices is an effective way to make a phone model stand out compared to its contemporaries.
In fact, clever thieves can actually monitor the angle of a smartphones as it’s being held to guess, with 70% accuracy, what a user’s PIN is.
“Stealing PINs via Mobile Sensors”
Studying this threat of PIN theft are Dr. Maryam Mehrnezhad and Dr. Siamak Shahandashti from the University of Newcastle’s School of Computing Science. They’ve just published a paper in the International Journal of Information Security this month: “Stealing PINs via mobile sensors: actual risk versus user perception”. The study focuses on PIN theft via phones and how users perceive the risks they face.
While public awareness about only downloading trustworthy apps is growing, Mehrnezhad warns that you don’t even need to download an app for these vulnerabilities to be exploited. All it takes is to visit a website with malicious code on it.
According to Mehrnezhad, “…on some browsers, we found that if you open a page on your phone or tablet which hosts one of these malicious code and then open, for example, your online banking account without closing the previous tab, then they can spy on every personal detail you enter.”
The study looks at PINlogger.js, a JavaScript-based code capable of accessing mobile phone sensors without the user’s permission. The code “listens” in on the sensors and feeds data to an artificial neural network that cracks PINs with “a success rate of 74% which increases to 86 and 94% in the second and third attempts, respectively”.
Essentially, the sensors in your phone are capable of recording patterns of how your phone tilts when you hold it, how your fingers move on the screen, and more.
The Newcastle team says they alerted companies like Google of the threats inherent in unsecured smartphone sensors. Some browsers, such as Mozilla and Apple Safari, have reportedly taken steps to address this issue, but no information was readily available on what those steps are.
The only way to completely protect yourself from sensors that betray your personal information is to not use them. In this day and age, however, it’s difficult to completely forego all of the sensor-laden devices that are vulnerable to exploitation.
At Mitchell Electronics, we have a history of treating our clients just like family. Call Mitchell Electronics at (914) 699-3800 today! Contact us today or visit our FAQs for more information about our products.
