Phone cameras and microphones can be used to accurately steal PINs, research has found.
The so-called PIN Skimmer unlocked 45 percent of 200 eight-digit phone passwords tested after only five attempts, and busted 60 percent after 10 tests.
The attacks are a type of side-channel attack, one that exploits information leaked by the physical implementation of a system rather than a flaw in its design.
University of Cambridge researchers Laurent Simon and Ross Anderson said a front camera and microphone could determine four- and eight-digit passcodes.
“The microphone is used to detect touch events, while the camera is used to estimate the smartphone's orientation and correlates it to the position of the digit tapped by the user,” the researchers wrote in the paper PIN Skimmer: Inferring PINs Through The Camera and Microphone (PDF).
“The mobile application collects touch-event orientation patterns and later uses learnt patterns to infer PINs entered in a sensitive application.”
The researchers tested the malicious application and server components against Android-powered Nexus S and Galaxy S3 smartphones and discovered that, from a set of 50 four-digit passcodes, the PIN Skimmer could unlock 30 percent of devices after two guesses, and half after five guesses.
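The "unlocked after N guesses" figures quoted above are a top-k accuracy over a ranked list of candidate PINs. The following is an added example, not code from the paper or from this article, that shows how such a figure is computed: it replaces the real camera/microphone classifier with constructed per-position digit probabilities (the `guess_distribution` stand-in, its 0.5/0.3 split and the trial PINs are all assumptions made for illustration), ranks all 10,000 four-digit PINs by joint probability, and measures how often the true PIN falls within a given guess budget.

```python
import itertools
from typing import Dict, List, Sequence, Tuple

Distribution = Dict[str, float]  # digit -> probability for one PIN position


def guess_distribution(peak: str, neighbour: str) -> Distribution:
    """Constructed stand-in for one position's output of a sensor-based
    classifier: the digit it believes was tapped gets 0.5, an adjacent key it
    might confuse with it gets 0.3, and the remaining eight digits share the
    rest. A real model would produce its own, far less tidy, distribution."""
    rest = (1.0 - 0.5 - 0.3) / 8
    return {d: (0.5 if d == peak else 0.3 if d == neighbour else rest)
            for d in "0123456789"}


def rank_candidates(position_probs: Sequence[Distribution]) -> List[str]:
    """Enumerate every PIN of the given length and order the candidates by the
    product of per-position probabilities, most likely first. Ties are broken
    by the PIN string so the order is deterministic."""
    scored: List[Tuple[float, str]] = []
    for combo in itertools.product("0123456789", repeat=len(position_probs)):
        score = 1.0
        for pos, digit in enumerate(combo):
            score *= position_probs[pos].get(digit, 0.0)
        scored.append((-score, "".join(combo)))
    scored.sort()
    return [pin for _, pin in scored]


def guess_rank(ranked: List[str], true_pin: str) -> int:
    """1-based position of the real PIN in the candidate list, i.e. how many
    guesses someone working down this list would need."""
    return ranked.index(true_pin) + 1


def success_rate(trials: Sequence[Tuple[List[str], str]], attempts: int) -> float:
    """Fraction of trials whose real PIN appears within the first `attempts`
    candidates: the 'unlocked after N attempts' figure the paper reports."""
    hits = sum(1 for ranked, pin in trials if guess_rank(ranked, pin) <= attempts)
    return hits / len(trials)


# Constructed scenario: the classifier "thinks" the PIN is 1234 and is unsure
# between each key and one neighbour (1/4, 2/5, 3/6, 4/7).
MODEL_OUTPUT = [guess_distribution("1", "4"), guess_distribution("2", "5"),
                guess_distribution("3", "6"), guess_distribution("4", "7")]
RANKED = rank_candidates(MODEL_OUTPUT)

# Four constructed trials sharing that model output but with different true PINs:
# an exact hit, one confused key, three confused keys, and a key the model missed.
TRIALS = [(RANKED, "1234"), (RANKED, "4234"), (RANKED, "4564"), (RANKED, "9234")]


def report() -> Dict[int, float]:
    """Success rate for several guess budgets, as a dict: attempts -> rate."""
    return {n: success_rate(TRIALS, n) for n in (1, 5, 10, 50)}


if __name__ == "__main__":
    for n, rate in report().items():
        print(f"{n:>2} attempts: {rate:.0%} of trials unlocked")
```

Running it prints the rate for each budget. What the table makes visible is that a reported figure is as much a function of the guess budget as of the classifier: the same model output turns a one-guess miss into a five-guess hit once the confused neighbours are tried, which is why the paper's numbers are quoted per number of attempts.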
But the research had critics.
“I am skeptical about the applicability,” Neohapsis security consultant Erik Bataller said. “It just seems a bit cloak-and-dagger for the average Joe trying to compromise a cell phone.”
His colleague Nathaniel Couper-Noles agreed and said acoustic and visual side-channel attacks were not new and would continue to surface.
“Recently, a motion sensor was used in a proof-of-concept to infer passwords via a rogue app,” Couper-Noles said.
“The short version is there are a lot of ways that your password could get breached, whether you enter it in public or not. I think of mobile device passwords as akin to the locks on our doors – meant to keep good people honest. Real attackers will come through the windows, or take down the walls if they have to.”