Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

Hackers can steal your password by looking at how you tilt your phone

According to a team of cybersecurity experts at Newcastle University, the way you tilt your phone could be used by hackers to break into your device.
By
April 11, 2017

According to a team of cybersecurity experts at Newcastle University, the way you tilt your phone could be used by hackers to break into your device.

Broadcom Wi-Fi SoC exploit affects many Android devices
News

When it comes to security and the protection of privacy, people often worry about connecting to public Wi-Fi networks, tricking face recognition technology, or bypassing fingerprint sensors. What usually gets left out of the discussion is the multitude of basic motion and orientation sensors that can be found inside most smartphones and tablets today. Well, according to cyber-experts at Newcastle University, we should be paying more attention to these sensors that we take for granted every day.

According to the paper published by the team, they were able to crack four-digit pins with 70 percent accuracy on the first guess and 100 percent accuracy by the fifth guess.

Essentially, because most apps and websites don’t need special permissions to access the device’s motion and orientation sensors, malicious hackers could “listen in” on your sensor data without your knowing. Using the movement and the positioning of the device, hackers are able to guess not just your password but also where on the screen you’re interacting. According to the paper published by the team, they were able to crack four-digit pins with 70 percent accuracy on the first guess and 100 percent accuracy by the fifth guess. Considering most phones allow more than five attempts without serious repercussions, this is alarming news indeed.

Because every movement – tapping, scrolling, long-pressing – leads you to hold your device in a unique way, hackers could potentially use these standard sensors to monitor on which part of the page your touch is registered and what you are typing on your virtual keyboard. According to these researchers, unless you close down completely the app or the website that contains the malicious codes, hackers could spy on you even when your phone is locked.

The trouble is, however, there isn’t much that can be done right now. The team has already notified major tech companies like Apple and Google, but no one has come with a solution thus far. Unless they introduce sensors into app permissions and every single website, these sensors are likely to remain vulnerable.

What measures do you take to protect your privacy? Let us know by leaving a comment below!