A recent study reveals that your phone's password is scientifically guessable: a team at Nanyang Technological University has found a way to unlock a phone by reading its sensor data. Are you friends with a black hat? Your phone might work as "The Marauder's Map" for him, since it involuntarily stores the key information. To obtain the passcode, however, one must have access to the phone in order to extract data from six different sensors embedded in it. Sounds unfeasible? Actually, it is not.
According to the team of researchers, this represents a potential security vulnerability: the team achieved a 99.5 percent success rate when guessing a phone's 4-digit PIN, using a list of the 50 most commonly used PINs and highly sophisticated machine learning and deep learning algorithms. Previously used methods reached an accuracy of up to 74 percent, but the new method can crack all 10,000 possible combinations in three trials. Accept it or not, boon or curse, the new method will eventually make a significant contribution to cryptography-related research and will probably put a permanent end to the era in which the PIN was the only gateway.
Smartphone's sensors can kill your security PINs
Guided by Shivam Bhasin, an NTU Senior Research Scientist at Temasek Laboratories, the team read patterns in how the sensors respond to a slight tilt of the phone or to the amount of light blocked by fingers. Highlighting a serious threat, the research team installed an application that simply accessed the phone's accelerometer, gyroscope, magnetometer, proximity sensor, barometer, and ambient light sensor and collected their unique responses, since no authentication is required to extract this data.
According to the team, a pattern of 1-5-9-0 would generate a significantly different sensor response than 2-3-7-1. Tapping 1 with your right thumb blocks more light than pressing 9. Crediting its data-driven approach, the team also mentioned that the algorithm was trained with data collected from three people who each entered 70 random 4-digit PINs, and the data generated by each input was recorded. The classification algorithm then ranked the sensors according to their performance, and the responses formed a unique pattern that ultimately improved its ability to solve a specific key. The algorithm's results improve further once a greater amount of data is under investigation.
This suggests that a hacker can easily launch a massive attack once he has access to more data. And that is not all: one could even uncover your psychological nitty-gritty if a deeper study is done, which costs much more than the information saved on your phone. To restrict this information loss, the group strongly suggests that everyone use stronger PINs and couple them with one-time passwords, two-factor authentication, and fingerprint or facial recognition. The research was recently published in the Cryptology ePrint Archive as an open-access paper.