Malicious software hijacks your phone’s microphone and camera to record your PIN
New software could threaten the security of mobile banking
A research paper from the University of Cambridge has outlined how PIN numbers used on smartphones can be recorded by hijacking the device’s camera and microphones.
The news is especially worrying as the rise of mobile banking means that PIN numbers entered into smartphones are often used to secure more than just the phone’s basic functionality.
The researchers, Laurent Simon and Ross Anderson, used a custom piece of software called PIN Skimmer to grab the PIN numbers. This program hijacks phones’ microphones to detect when you tap the touchscreen and then syncs this with data from the camera to work out where on the screen you pressed.
For example, when right-handed individuals press a button in the top left-hand corner of their phone’s screen they often tilt the phone towards their thumb with their supporting fingers. This changes the position of the user’s face as recorded by the front-facing camera, giving the program a unique marker that corresponds with a number on screen.
The research was carried out on a pair of Android-powered smartphones, a Nexus S and Galaxy S3, and under test conditions PIN Skimmer was able to work out more than 50 per cent of four digit PIN numbers after five attempts and 60 per cent of eight digit numbers after ten attempts.
One step in the malware’s process even presents users with a game where they have to match pairs of icons that appear onscreen. The program can record data from the camera during the game and then use this as a reference guide, matching how the user appears in the camera to where they’ve touched the screen.
The researchers suggested methods of obstructing the malware, but noted that randomising the order in which numbers appear on an onscreen keypad would “cripple usability” whilst employing longer PIN numbers would affect “memorability and usability”.
More “drastic” solutions included getting rid of passwords altogether in favour of face recognition or fingerprint scanners, although neither of these methods is yet common.
"If you're developing payment apps [for mobiles], you'd better be aware that these risks exist," Professor Anderson told the BBC.
An illustration of how the position of the phone's camera is changed as users reach for different parts of the keyboard. Image credit: Laurent Simon/Ross Anderson/University of Cambridge