Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Scythe Mugen 5 Rev.C CPU Cooler review
be quiet Pure Loop 2 FX 280mm LCS review
HP FX900 1 TB NVMe Review
Scythe FUMA2 Rev.B CPU Cooler review
SK Hynix Platinum P41 2TB M.2 NVMe SSD Review
Corsair K70 RGB PRO Mini Wireless review
MSI MPG A1000G - 1000W PSU Review
Goodram IRDM PRO M.2 SSD 2 TB NVMe SSD Review
Samsung T7 Shield Portable 1TB USB SSD review
DeepCool LS720 (LCS) review

New Downloads
Intel ARC graphics Driver Download Version: 30.0.101.1743
GeForce 516.94 WHQL driver download
Display Driver Uninstaller Download version 18.0.5.4
FurMark Download v1.31
Intel HD graphics Driver Download Version: 31.0.101.3222
AMD Radeon Software Adrenalin 22.7.1 driver download
GeForce 516.93 WHQL Studio driver download
Corsair Utility Engine Download (iCUE) Download v4.26.110
ReShade download v5.3.0
AIDA64 Download Version 6.75


New Forum Topics
AMD Software: Adrenalin Edition 22.7.1- Driver download and discussion AMD Radeon Software - Preview Drivers - DCH/UWP Windows power plan settings explorer utility GeForce RTX 4080 and RTX 4070 same consumption as RTX 3080 and RTX 3070 but more performance DDR5-6000 Memory is the Sweet Spot For AMD Ryzen 7000 Zen 4 CPUs NVIDIA GeForce 516.94 WHQL driver download & Discussion [3rd-Party Driver] Amernime Zone Radeon Release Nemesis 22.6.1 WHQL DriverPack (22.7.1 pending ...) Feature request: Display highest-load CPU thread/core Spider-Man Remastered Nvidia Profile (Import to Older Driver Sets / ReBAR support) Slow SSD write speed




Guru3D.com » News » Your Phone's Camera and Microphone Can Reveal Your PIN

Your Phone's Camera and Microphone Can Reveal Your PIN

by Hilbert Hagedoorn on: 11/15/2013 08:43 AM | source: | 6 comment(s)
Your Phone's Camera and Microphone Can Reveal Your PIN

Cambridge security researchers have been hacking smartphone passwords using the devices' own cameras and microphones. Laurent Simon and Ross Anderson at the University of Cambridge used an app they called "PIN Skimmer" to capture passwords as they were entered into a Samsung Galaxy S3 and a Google Nexus S, both of which use number-only soft keyboards.

The PIN Skimmer can tell when you're tapping keys by "listening" to clicks via the phone's microphone. It correlates this with a recording of your face through the camera, then analyzes how the orientation of the phone changes from tap to tap. That tells it which part of the screen you're touching—i.e. which number you're pressing.

This kind of attack is known as a "side channel attack," which means it uses the physical properties of the phone. According to the researchers' paper, previous studies have used a phone's accelerometer and gyroscope to collect PINs, but theirs is the first to work with the camera and microphone. When they tested PIN Skimmer with a set of 50 potential four-digit passwords, they found it correctly inferred 30 percent of PINs after two attempts, and more than 50 percent after five attempts. It's worth keeping in mind an iPhone lets you have ten attempts to get your code right. "It did surprise us how well it worked," Anderson, one of the study's authors, told the BBC.

You might argue that a set of 50 PINs is hardly realistic of the infinite number combinations people could choose to lock their phones. That's true in theory, but the researchers point out that most people don't choose their passwords randomly, and the 20 most common four-digit PINs represent about 27 percent of user-selected PINs. If you're still using 1-2-3-4, it might be time for a change.

And using a longer PIN (if your phone allows it) is also no great help against the PIN Skimmer program. In fact, when test sets of 200 passwords were used, it correctly guessed more eight-digit PINs than four-digit PINs after five attempts. That's because the longer the PIN, the more information the program has to work with, and the less likely it is to confuse one password with another.







« Sony PS4 vs .50 cal - Slow Mo Destruction at 50,000 FPS · Your Phone's Camera and Microphone Can Reveal Your PIN · Eurocom Panther 4.0 laptop has Core i7-4960X and GTX 780M SLI »

2 pages 1 2


Veeshush
Senior Member



Posts: 1095
Joined: 2010-11-28

#4702292 Posted on: 11/15/2013 10:42 PM
app they called "PIN Skimmer"


So while the way it goes about collecting stuff is different, you'd still have to have the malicious app installed and give it permission for access to your microphone and camera.

dcx_badass
Senior Member



Posts: 9978
Joined: 2005-02-26

#4702577 Posted on: 11/16/2013 04:43 AM
First they need to get the app on my phone, second I have key tones turned off, third I use a pattern unlock AND code lock. Not to mention xprivacy blocks apps from using anything without my say so.

BetA
Senior Member



Posts: 4412
Joined: 2008-03-03

#4702653 Posted on: 11/16/2013 08:49 AM
well, that isnt new at all..
Also, there are tools out there, in the dark corner of teh webs, you would tzhrow your phone away if u know..

i work with these tools so i can counterfight them..
Me, personally, i wouldnt use this tool. i just need your phone. no pin, no nothing..even when its off. i can kill the pin and make a new one, also puk, and other passwords you might use on your Android device (pattern lock/etc)..
Of course, im not gonna link anything, nor to i answer PM´s with question where u can get this stuff.. :3eyes:

im using a virtual framework on my phone..its like a virtual box ;) safest thing u can use..

also, my system is restricted, even google or system cant phone home, send my data or whatever..(sensors are turned of atm at my Phone, thanks to an special "Framework" ;)


BetA

edit:
@dcx_badass

yes, XPrivacy is a good start..one of the best and valuables tool for android Xposed FM...i would also ad AFwall+ with dinit support and some manuall modifikations to teh rom itself. i made my own rom, cause i was sick of google changing my rom and such..now, google cant do **** on my phone :) im the full ADMIN, my Phone is under "My" controll. not googles or anything else..it took me 1/2 year to get there..

Speed Weed
Senior Member



Posts: 1066
Joined: 2011-12-04

#4703153 Posted on: 11/17/2013 12:09 AM
That's precisely why I don't use my mobile for online banking, or pay for goods using NFC.
Often watch the trendies showing off by paying for coffees in the likes of Starbucks using that method, and it practically makes my hair stand on end seeing them do that.

Extraordinary
Senior Member



Posts: 19562
Joined: 2010-04-21

#4703169 Posted on: 11/17/2013 12:21 AM
What's the point in making it as complex as that? If it has to be installed on phone the begin with, with all those permissions, why not just send back the actual PIN that gets entered instead of all that camera, mic, tilt crap ?

2 pages 1 2


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2022