Change way you use your phone and stop the hackers in their tracks
COULD hackers be accessing your phone, using technology you don’t even realise is there?
According to experts at Newcastle University, they might be.
WHAT? HOW COULD THAT HAPPEN?
It’s all down to the motion sensitive technology in your phone — the tech that, among other things, makes the display become horizontal if you turn your phone on its side, or tracks your movement for fitness apps.
A Newcastle research team showed data from these in-built motion sensors can reveal what people are typing.
They found that each time a user clicked, scrolled or tapped it made a unique type of movement and so on a known webpage, they could determine what part of the page the user clicked on and what they were typed.
Dr Siamak Shahandashti, a senior research associate in the School of Computing Science and co-author on the study, which is published in the International Journal of Information Security, said: “It’s a bit like doing a jigsaw – the more pieces you put together the easier it is to see the picture.
“Depending on how we type – whether you hold your phone in one hand and use your thumb, or perhaps hold with one hand and type with the other, whether you touch or swipe - the device will tilt in a certain way and it’s quite easy to start to recognise tilt patterns associated with ‘Touch Signatures’ that we use regularly.”
HOW EFFECTIVE IS THIS METHOD?
The cunning technology can crack a four-digit pin in just five guesses and, even more worryingly, 70% of the time it can get the right answer on the first try. Lead author Dr Maryam Mehrnezhad said: “Because mobile apps and websites don’t need to ask permission to access most of [the sensors] malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive infor-
mation about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.
“More worrying, on some browsers, we found that if you open a page on your phone or tablet which hosts one of these malicious codes and then open, for example, your online banking account without closing the previous tab, then they can spy on every personal detail you enter.
“And worse still, in some cases, unless you close them down completely, they can even spy on you when your phone is locked.”
The team are also investigating the possibility that the situation could be even worse for people using wearable technology that tracks fitness, because it is specifically designed to track people’s movement.
SO WHAT ARE COMPANIES DOING TO STOP THIS?
Researchers said they had alerted all the major browser providers of the risks but so far no-one has been able to come up with a permanent answer.
However, they say some browsers, including Mozilla, Firefox and Apple Safari have come up with a partial solution, and researchers are working with the industry on a more long-term fix.
IS THERE ANYTHING I CAN DO ABOUT IT?
Dr Mehrnezhad says these simple rules can help keep your sensitive information safe: Make sure you change PINs and passwords regularly so malicious websites can’t start to recognise a pattern; Close background apps when you are not using them and uninstall apps you no longer need; Keep your phone operating system and apps up to date; Only install applications from approved app stores; Make sure you know what permissions apps have on your phone; Look at the permission requested by apps before you install them on to your phone and choose a different app with more sensible permissions if you have to.