Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 916
- Points
- 113
The neural network was taught to recognize the user’s PIN code using data from the accelerometer, light sensor and other smartphone sensors with an accuracy of 84 percent. The developers note that applications do not need to ask for user permission to access these sensors, according to the study, a preprint of which was published by the Cryptology ePrint Archive.
Modern smartphones can contain a large amount of confidential information: correspondence history, applications for managing a bank account or important documents. Because of this, attackers are developing new ways to hack smartphones, and not all of them do so directly using vulnerabilities in the software. Some developers create hacking methods that are based on the principle of a side-channel attack . It implies that the attack is not on the system as such, but on its practical implementation - for example, you can find out the operations performed by the processor and their parameters by measuring its energy consumption.
Cybersecurity researchers led by Shivam Bhasin from Nanyang Technological University in Singapore used sensor data from a smartphone to discreetly determine a smartphone's PIN code. They wrote an application for Android smartphones that collects data from sensors and then sends it to a server for analysis. The developers chose six sensors that are present in most modern smartphones, and at the same time, the application does not need to obtain user permission to use them: an accelerometer, a gyroscope, a rotation sensor, a magnetometer and a light sensor.
Example of entering combination 0852 on the accelerometer data graph
Because the numbers on the keyboard are located in known locations, tilting the device or changing the amount of light hitting the light sensor can calculate which key the user pressed, without the need for data directly from the touchscreen. To automatically calculate numbers from large amounts of data, the researchers used different algorithms, but ultimately settled on a type of neural network called a multilayer perceptron.
The success of code selection depending on which sensor data was used
Having tested the work of the neural network on volunteers, the researchers found that when tested on all ten thousand possible combinations of four digits, the recognition accuracy in 20 attempts was 83.7 percent, and when recognizing among the 50 most common PIN codes, the accuracy was 99.5 percent in one attempt. The researchers also found that data from different sensors gave different effectiveness, and the best results were obtained from combined data from the accelerometer and gyroscope.
Previously, other unusual ways of “snooping” on a PIN code were presented. American researchers proposed determining the code based on the readings of smart watch sensors, read while entering a password on the keyboard; other experts have learned to select a pattern on Android smartphones using a video recording of the input, and the screen does not have to be visible on it, it is enough that they are visible in the frame user's fingers. And recently, for the same purpose, it was proposed to use mass spectrometry, which makes it possible to map substances on surfaces, for example, an ATM keyboard.
(c) Grigory Kopiev
Нейросеть подсмотрела PIN-код смартфона в данных акселерометра
Нейросеть подсмотрела PIN-код смартфона в данных акселерометра
nplus1.ru
