North Korea was able to bully Sony Entertainment and the movie theaters into censoring one of their comedy movies, The Interview. What got North Korea upset was the fact that this movie – a comedy mind you – is about the assassination of their “dear leader,” Kim Jong Um.
Over the last few days a lot of people have voiced their opinion on Sony and the steps they took, but one voice in particular stands out from all the rest. That of Dr. Evil.
Researchers have found a way to figure out what personal identification number, or PIN, someone is typing into their smartphone by using the device’s built-in cameras and microphones to secretly record them.
Smartphones are handling an increasing amount of sensitive financial information, with banking and payment apps and other features that turn phones into full-featured mobile wallets. That makes mobile devices a ripe target for cybercriminals.
In a paper published Thursday, security researchers at the University of Cambridge detailed how they exploited the smartphone’s camera and microphone to detect PINs and gave some suggestions for making this type of hack more difficult.
This type of malware doesn’t exist in the wild just yet. The PIN Skimmer program was created by Cambridge’s Ross Anderson and Laurent Simon. The idea is to identify potential security holes before they can be exploited by criminals. In tests, the PIN Skimmer had a 30% success rate detecting four-digit PINs after monitoring a few attempts, and that number went up after it grabbed information over five tries.
First, the microphone detects that a person is entering a PIN. On many apps, the device will vibrate each time a number is tapped. That vibration creates a sound that is picked up by the microphone, which lets the malware know that a “touch event” is happening — in this case it is the entering of a secret PIN.
Then the camera takes over. The camera isn’t looking for reflections in your eyes or triangulating what numbers you’re looking at while typing in the code. The researchers use the camera to detect the orientation of the phone and determine where the user’s finger is on the screen. On-screen keypads typically display number in a standard order, so if the program can tell where a finger is tapping on the screen based on how the person is holding it, it can deduce what number is there. In their example, researchers assume people are holding their phones with one hand and typing in numbers with their thumb.
We use cookies to improve your experience on our site. By agreeing to this, we can analyze browsing behavior and unique IDs on this site. Declining or revoking consent may affect certain features.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.