Your smartphone's motion sensors might be revealing things about you.
Photo: Samuel C. Rutherford/Tom's Guide
That's the word from a new security study from researchers at the UK's Newcastle University. In a report released this week, the researchers found that hackers can analyze your motion sensors, including an accelerometer and gyroscope, and figure out your PIN. After analyzing the data, the researchers were able to guess a four-digit PIN correctly in 74 percent of cases. After three tries, their accuracy rate went up to 94 percent.
The hack starts with an exploit that would allow hackers to monitor your sensors. In many cases, the researchers said, that can be achieved by simply injecting malicious code into your handset when you click on a malware-infested link.
Once the hackers are inside your smartphone, they can analyze your motion sensor data to determine when you might have input your PIN. When you're tapping on the screen, the motion sensors can pick up minute shifts and movements that are cataloged in your device. Hackers then access that data and can guess your PIN based on how your smartphone was shifting when you input your credentials.
Motion sensors offer several benefits, including the ability to track your activity and help with navigation. They've become standard components in the vast majority of smartphones.
However, the researchers told Popular Science, which earlier reported on the findings, that the motion sensors' data retention could also be cause for privacy concerns. In one instance, researcher Maryam Mehrnezhad told Popular Science that you wouldn't want your "insurance company to know if you're an active user or a lazy person."
Still, the researchers say the problem might not be so easily exploited. They told Popular Science that Apple patched its Safari browser, which would have allowed hacker access to motion sensor data, with last year's iOS 9.3 update. Mozilla also patched Firefox last year to address the problem.
Google, however, has said that it's "aware of the issue" in Chrome and hasn't said if the flaw is patched in the browser.
Those who are at risk of falling victim to the hack, then, should beware of malicious links and maintain safe browsing activities.