Research result that the pass code is identified with accuracy of 70% or more when touching or tilting the smartphone

ByChristoph Scholz

When connecting to the Internet with a smartphone, there are methods such as "Do not download suspicious files" or "Do not carelessly enter information on unknown websites" as security measures. However, even though thoroughly doing these things, only surfing the net from a major mobile browser, data of sensors such as gyroscope, angle sensor, acceleration sensor etc. loaded on the smartphone are read and the user's A research result that the entered information is identified with accuracy of 70% or more is reported in BBC.

TouchSignatures: Identification of user touch actions and PINs based on mobile sensor data via JavaScript
http://www.sciencedirect.com/science/article/pii/S2214212615000678

The way people tilt their smartphone 'can give away passwords and pins' - BBC Newsbeat
http://www.bbc.co.uk/newsbeat/article/39565372/the-way-people-tilt-their-smartphone-can-give-away-passwords-and-pins

According to research results announced by the University of Newcastle in April 2016, when accessing the Internet with all major browsers such as Safari, Chrome, Opera, Firefox, etc., it reads information on sensors of mobile devices without user's permission I can do it. Analyzing the data of these sensors allows you to remotely identify the user's "phone call timing", "physical activity", "touch action on the screen", "PIN number", and so on.

The research team conducted experiments to analyze actions such as tap, scroll, hold, and zoom of the user using "TouchSignatures" which can execute malicious code on iOS and Android terminal and extract sensor data. As a result, it was possible to read data even when closing the browser or locking the smartphone, and succeeded in guessing the PIN number and 4-digit number with accuracy of 70% for Android and 56% for iOS Thing.

ByMarco Verch

It is pointed out that this problem can be applied not only to most smart phones and tablets, but also to IoT equipment equipped with sensors. Dr. Maryam Mehrnezhad, research researcher, said, "With some browsers it is now possible to keep track of the user's actions by accessing the page with malicious code embedded only once, completely shutting down the mobile device We can not escape tracking unless we do it. "

ByH is for Home

Although the research team reports this problem to Google and Apple, no one has solved this problem until the time of article creation. In the future research team is planning to study the risk that fitness tracker is linked to online profile.