PROFESSORS warn smartphone's camera can be used
'maliciously' against its owner.
The PIN for your smartphone can be revealed by
software which watches your face via the phone’s camera and listens to your
clicks through the microphone as you type, researchers have found.
A team from the University of Cambridge used a
programme called PIN Skimmer and warned that the camera and microphone can
reveal PINs entered on a number-only soft keypad.
The finding has potentially damaging ramifications
as smartphones are handling greater amounts of sensitive financial information.
Testing on the Google Nexus-S and Galaxy S3
smartphones, the researchers found the programme was successful more than half
the time after five attempts when trying to determine four-digit PINs.
With eight-digit PINs the success rate was 60 per
cent after 10 attempts.
The professors warned the programme could also be
used to hack into a customer’s online banking, with users increasingly
downloading banking apps to their smartphone.
The report’s authors, Professor Ross Anderson and
Laurent Simon, warned the camera and microphone could be used “maliciously”
against a smartphone’s owner.
“We demonstrated that the camera, usually used for
conferencing or face recognition, can be used maliciously”, the authors told
the BBC.
“We watch how your face appears to move as you
jiggle your phone by typing. It did surprise us how well it worked.”
“If you’re developing payment apps, you’d better be
aware that these risks exist”, Professor Anderson warned.
The programme can effectively “hear” the clicks that
the phone makes as the user presses the virtual number keys, the researchers
warn.
The Cambridge professors said there were a number of
possible solutions but all had their flaws.
One idea is to use a longer number for a PIN but the
academics said that this will affect “memorability and usability”.
Mixing up the numbers on your keypad so that they
are random would also “cripple usability on phones”.
