Security PIN plays a vital role in protecting sensitive application such as banking applications, Wallets, and unlocking screen. It remains as a valuable asset to keep our data confidential.
Security researchers Nanyang Technological University, University of Applied Sciences and Cyber and Information Security Group, published a paper indicating that PIN can be reconstructed by combining the pieces of data available from the sensors.
Information Gathered from Sensors
In Smartphones, there are no permission restrictions(zero-permission) for sensors which may allow attackers to collect sensitive information from the sensors and reconstruct the PIN with a malicious app.
Researchers tested with the data collected from Accelerometer, gyroscope, magnetometer, proximity, barometer, ambient light, and rotation vector sensors to reconstruct the PIN.
The possibility of a PIN is between 0 to 9 and for entering PIN it requires users to move hand as well as tilting or rotating the smartphone and the smartphone also move therefore it is possible to find each specific number based on the hand movement by reading the information from sensors.
Also Read Acoustic Attack Against HDDs Can Cause Permanent Damage CCTV DVR, PCs, ATMs
Researchers say’s “they able to classify all 10,000 PIN combinations, results show up to 83.7% success within 20 tries in a single user setting. Latest previous work demonstrated 74% success on a reduced space of 50 chosen PINs, where we report 99.5% success with a single try in a similar setting.”
Attack Scenario
If attackers inject malicious code into victim smartphone it samples the sensor data and analyzes the acquired training data. then sampling done with unknown PINs and the classification is done based on the profile generated in the training phase and then the results are classified. Researchers published a PoC explaining technical details.
Researchers proposed Single Digit Classification approach and Cross-user Exploitation.The first approach is to use the complete data stream and to associate it to the combination of keys during the training phase and the second approach is to identify each digit in the sensor data individually.
The cross-user setting is, that it allows the training to be done by different users than the attack. This increases the chances of successful attacks in practical scenarios, where a malicious application can learn from several users to recover PIN of a new user.
Researchers concluded that we used single-digit classification methodology to recover and the data acquired are used to train MLP neural network and the best results are obtained from the accelerometer.They believe the cross-user exploitation that it is possible to boost the success rate of the attack, by training with a pool of users and attacking one of them, rather than just training on the target user.
Preventive Measures – Recover Smart Phone PIN
Limiting the frequency of sensors may reduce the attack feasibility, also we can disable the sensors while entering the PIN.
However, it is a temporary one and researchers suggested to rethink sensors access in smartphones.With zero-permission sensors, attackers can go beyond PIN recovery.Attackers can learn user behavior, location etc.