Yeah, so this isn’t good.
What if the very act of tapping your smartphone’s passcode was all it took to expose that code to hackers?
Are you sitting down right now? You should probably sit down.
Well, as more and more of our personal data is stored on smartphones, the ways of securing those phones continue to be revealed as less and less robust. Next on the chopping block is your trusty PIN.
Modern smartphones come equipped with tons of sensors: cameras, microphones, GPS, accelerometers, gyroscopes, etc. According to a new study published in the Journal of Information Security and Applications, this data in aggregate is precise enough to determine what actions a user is taking with her phone — right down to the password she taps to unlock it.
A little malicious code plus the sensors that come standard on most smartphones is apparently all that it takes these days to render your phone’s security moot.
The study authors haven’t found this attack in the wild, but rather demonstrated that it works. Which, frankly, is scary enough. As Wikileaks’ dump of alleged CIA hacking tools has shown, known attacks have a way of getting passed around.
A lot of browsers are susceptible, including Chrome, Firefox, and Safari. That means you don’t even have to click a weird link or download a strange file to accidentally leak your taps to a malicious hacker or government official.
Simply going about your daily routine is enough to render your password pwned — providing perhaps an unfortunate metaphor for seemingly more and more of online life.