Hackers can grab your passwords just by the way you move your phone
Hacking your phone Here you thought covering your phone's screen while typing in passwords was enough to thwart prying eyes. Guess again. Sensors embedded in your phone (there are, apparently, 25) can tell which way your phone is moving or tilting and give off clues as to where you are typing on your screen. Researchers at Newcastle University in the United Kingdom discovered that they could accurately predict four-digit passwords 70 percent of the time—and 100 percent of the time after five guesses—just by reading the data from a smartphone.
Researchers say it's a matter of hackers being able to embed code into mobile versions of web browsers—including those on tablets. When one of these sites are opened, the code infects the device, and then can read any future details and data you enter including passwords for financial sites. Researchers say that even if the phone is locked, the code can still be collecting data.
"But because mobile apps and websites don't need to ask permission to access most of them, malicious programs can covertly 'listen in' on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords," says Dr Maryam Mehrnezhad, the lead author on the paper and a research fellow at Newcastle's School of Computing Science.
The sensors read the way you're moving your phone—whether you're tilting the device, or even scrolling, tapping or making any other kind of motion on the screen. These signature movements, in a way, bely your information once deciphered. Researchers say they've reached out to browser developers including Mozilla, Apple Safari and Firefox with these building in some adjustments. But a complete solution to protect data in this way is still being considered.
Some ways to protect yourself in the meantime? The basic one, of course, which is to change passwords regularly so if one is taken, you've already switched that code. Also, close out apps you're not using—or even better, delete apps you don't use—and close browser pages as well. And always manage your permissions—all part of maintaining good tech habits for all your devices.