Instruments in smartphones such as the accelerometer, gyroscope and proximity sensors represent a potential security vulnerability as researchers have found that data from these sensors could be used by hackers to guess the security password.
Using a combination of information gathered from six different sensors found in smartphones and analysing them with machine learning and deep learning algorithms, the researchers succeeded in unlocking Android smartphones with 99.5% accuracy within only three tries, said the study.
The researchers believe their work, published in Cryptology ePrint Archive , highlights a significant flaw in smartphone security, as using the sensors require no permissions to be given by the phone user and are available for all apps to access.
Position and light
Led by Shivam Bhasin of Nanyang Technological University, Singapore, the researchers used sensors in a smartphone to model which number had been pressed by its users, based on how the phone was tilted and how much light is blocked by the thumb or fingers. Researchers took Android phones and installed a custom application which collected data from six sensors: accelerometer, gyroscope, magnetometer, proximity sensor, barometer and ambient light sensor. “When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5 or 9, is very different. Likewise, pressing 1 with your right thumb will block more light than if you pressed 9,” Mr. Bhasin said.
The classification algorithm was trained with data collected from a group of people. Although each individual enters the security PIN on their phone differently, the scientists showed that as data from more people is fed to the machine learning algorithm, success rates improved over time.