PIN Skimmer- A Software That Uses Your Phone's Camera And Microphone To Leak Your PIN

Ambarish Ganesh · 2013-11-12T03:42:50+00:00

That front facing camera on your smartphone that shoots brilliant selfies may be revaling your secrets, in more ways than you can imagine. And yes, be very warned of voice calling too, as your mic is an equal accomplice in this game. A team at the University of Cambridge demonstrated PIN Skimmer, a software package for Android via which the codes punched onto your smart's virtual keypad could be leaked out. Now how in God's holy name is this possible, you ask? The software prompts the camera to study your face, and its various movements- head alignment and eye movement included, no shit. It then "listens" to the various clicks you click on the screen as you punch in your PIN number. The tests were performed on a Google Nexus S and a Galaxy S3, and the researchers were left stumped by the accuracy of identifying the correct PIN of any person. Now hijacking of the camera is getting pretty common, and Prof. Ross Anderson, who's with the department of security engineering at Cambridge University believes that this is a serious threat that should be looked into, for it may sabotage various mobile payment apps. And there are ways in which user can pull off a win over this software- by including random keys or using larger PIN numbers, but the Professor believes that this would downgrade the efficiency of the phone. Other extreme solutions include incorporating facial recognition and fingerprint identification in place of PINs. Tedious, yes, but surely secure.

PIN Skimmer- A Software That Uses Your Phone's Camera And Microphone To Leak Your PIN

Ambarish Ganesh

Member

Updated: Oct 25, 2024

Views: 1.3K

That front facing camera on your smartphone that shoots brilliant selfies may be revaling your secrets, in more ways than you can imagine. And yes, be very warned of voice calling too, as your mic is an equal accomplice in this game. A team at the University of Cambridge demonstrated PIN Skimmer, a software package for Android via which the codes punched onto your smart's virtual keypad could be leaked out.

Now how in God's holy name is this possible, you ask? The software prompts the camera to study your face, and its various movements- head alignment and eye movement included, no shit. It then "listens" to the various clicks you click on the screen as you punch in your PIN number. The tests were performed on a Google Nexus S and a Galaxy S3, and the researchers were left stumped by the accuracy of identifying the correct PIN of any person.

Now hijacking of the camera is getting pretty common, and Prof. Ross Anderson, who's with the department of security engineering at Cambridge University believes that this is a serious threat that should be looked into, for it may sabotage various mobile payment apps. And there are ways in which user can pull off a win over this software- by including random keys or using larger PIN numbers, but the Professor believes that this would downgrade the efficiency of the phone. Other extreme solutions include incorporating facial recognition and fingerprint identification in place of PINs. Tedious, yes, but surely secure.

0

Replies

Howdy guest!

Dear guest, you must be logged-in to participate on CrazyEngineers. We would love to have you as a member of our community. Consider creating an account or login.

Replies

Saandeep Sreerambatla

Member • Nov 12, 2013

We need to design a app to disable camera at times as well. which will prove to be beneficiary in many different ways.

and also make the mode always off such that, if we are genuinely interested we will switch on the camera 😀

Are you sure? This action cannot be undone.
Cancel
micheal john

Member • Nov 17, 2013

Ambarish Ganesh
That front facing camera on your smartphone that shoots brilliant selfies may be revaling your secrets, in more ways than you can imagine. And yes, be very warned of voice calling too, as your mic is an equal accomplice in this game. A team at the University of Cambridge demonstrated PIN Skimmer, a software package for Android via which the codes punched onto your smart's virtual keypad could be leaked out.

Now how in God's holy name is this possible, you ask? The software prompts the camera to study your face, and its various movements- head alignment and eye movement included, no shit. It then "listens" to the various clicks you click on the screen as you punch in your PIN number. The tests were performed on a Google Nexus S and a Galaxy S3, and the researchers were left stumped by the accuracy of identifying the correct PIN of any person.

Now hijacking of the camera is getting pretty common, and Prof. Ross Anderson, who's with the department of security engineering at Cambridge University believes that this is a serious threat that should be looked into, for it may sabotage various mobile payment apps. And there are ways in which user can pull off a win over this software- by including random keys or using larger PIN numbers, but the Professor believes that this would downgrade the efficiency of the phone. Other extreme solutions include incorporating facial recognition and fingerprint identification in place of PINs. Tedious, yes, but surely secure.

is this legal?

Are you sure? This action cannot be undone.
Cancel