Alert! Privacy Breach.

What if i tell you that while you are reading this post you are being monitored? all your activities are being recorded? and all you can do is nothing. Hopefully that is not at all happening but that is 110% possible. These days our smartphones are loaded with lots of features to make them even more smarter and that includes a bunch of sensors that more or less always stays on whether we use our phone or not, even if our phone is dead they still records the data and user activities.

Few years back if you were to install an app you were given only two choices either you allow the app all the permission it's asking for or you don't install that app at all. But hopefully google looked into the matter and things started getting changed with android marshmallow. Now you have the authority to allow or disallow what an app is asking for without being left with the option of uninstalling the app. But did it ever occurred to you that your apps still have access to all the sensor your smartphone is equipped with, you are left with no choices at all in this scenario. 

A team of scientists from Newcastle University in the UK have found that, hackers can potentially guess PINs and passwords – that you enter either on a bank website, app, or on your lock screen – to a surprising degree of accuracy by just monitoring your phone's sensors, like the angle and motion of your phone while you are typing.

Any malicious app can then use these data for nefarious purposes. The same is also true for malformed websites.

"Most smartphones, tablets and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera, and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer," Dr. Maryam Mehrnezhad, the paper's lead researcher, said describing the research.

"But because mobile apps and websites don't need to ask permission to access most of them, malicious programs can covertly 'listen in' on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords."

Researchers were able to guess four-digit PINs on the first try with 74% accuracy and on the fifth try with 100% accuracy based on the data logged from 50 devices by using data collected from just motion and orientation sensors, which do not require any special permission to access.

Whether its an android or ios this type of attack is possible on every smartphone. Even when it's up to date and has all the recent security patches. All you can do is make sure that you download the apps from trusted website and restrict side loading of apps and access https websites.

Below is the video demonstrating the attack. For more technical details you can read the full research paper, titled "Stealing PINs via mobile sensors: actual risk versus user perception." published in the International Journal of Information Security. So from now on take your privacy a bit serious. Till next time stay, stay updated and stay connected.