A big joke in the cellphone industry was the excuse Apple gave for the “antennagate” issue upon introduction of the iPhone 4: “you’re holding it wrong.” Funny enough, holding it wrong may be the way to go in the future.
You’ve probably seen published lists of the most commonly used PIN numbers, including such creative numerology as 1111 or 5683 (spells out LOVE). We security experts look at those lists and shake our heads, wondering what people were thinking when they hit “1” four times and thought their phone was secure.
Of course, at least they’re using a PIN of some sort in an effort to protect their phone. Even if the PIN is considered “weak,” the stark reality is most people don’t use one simply because PIN codes are inconvenient and take time to enter. In fact, most people don’t use any means of data protection at all.
Thank goodness you’re not one of those PIN-less cellphone users, right?
Well, what if I told you your PIN, no matter how cleverly created, is now trivial to hack? And that nifty complicated thumb sliding lock pattern you came up with that would require the hacker to be double-jointed to pull off? Even easier.
There’s a new PIN and lock pattern proof-of-concept hack from Dr. Adam Aviv and his team of researchers at the University of Pennsylvania that uses the accelerometer in your phone to detect how it moves in space, specifically during the unlock process. As you move your thumb to hit the PIN numbers or trace the unlock pattern, this hack tracks the accelerometer data and matches it against its database of known patterns. They’ve been working on this attack vector for a few years now. Their previous approach utilized the gyroscopic sensors, which led to very imprecise measurements, but this new approach uses the accelerometer sensor in a “high bandwidth” mode and the results are pretty spectacular. In controlled settings with the subject seated, they were able to guess the PIN number used 43% of the time and the unlock pattern 73% of the time. When the subject was walking, the accuracy dropped greatly due to the additional movement noise introduced to the sensors, which resulted in only 20% of PINs and 40% of patterns guessed. They also mention the possibility of utilizing machine learning to determine text-based passwords as well, but mention no collected data against it.
I suspect long key presses for alternate characters may be difficult to decipher from the accelerometer data, but they do briefly mention key permutations (each key having multiple values from long presses), which increases the number of guesses required to get a four-number PIN combination. If you were to use a very complicated password or random characters, you could make it highly unlikely to guess your password using this method. Of course, you would also be spending the bulk of your time on your smartphone entering an unlock password.
Another possible solution is to change the orientation of your phone (i.e. holding it wrong). Since Dr. Aviv’s team is only reading the accelerometer values and not the gyroscope values, which track pitch and roll of your phone, one could throw their data off. If they accounted for this circumstance and polled the gyroscope to determine orientation values while polling the accelerometer, the data sets would be much more complex as a result.
So clearly the best response to this type of attack method is to boogie down, run, jump, etc. while unlocking your phone. Personally, I’m working on some sick dubstep and James Brown moves to go along with my Android unlock pattern that should make it near unreadable.