Researchers show how a smartphone's motion sensors could reveal sensitive information such as pin numbers

It seems the smarter phones get, the more ways there are to compromise them. New research shows that hackers could potentially steal a mobile device’s pin number and other data just by monitoring the way a device tilts as a user types.

A paper published by a team of researchers from Newcastle University in the UK reveals how they could guess a four-digit pin with 70 percent accuracy at the first attempt by using data taken from a phone’s gyroscope. By the fifth attempt, the accuracy had gone up to 100 percent.
The danger comes from the way malicious websites and apps can access a device’s sensors without requesting permission, taking what appears to innocuous data and using it for nefarious purposes.
“Most smartphones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, rotation sensors and accelerometer,” said Dr. Maryam Mehrnezhad, the paper’s lead researcher.
“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you, such as phone call timing, physical activities and even your touch actions, pins and passwords.”
The Guardian notes that there is a caveat with the system: it takes a lot of data before someone can guess a pin number. Users had to type 50 known pins, five times over, before it learned how they held a phone when typing each particular number.
The team identified 25 different sensors, which appear on most smartphones, that could give away information. Only a small number of these ask user permission to access the device. The researchers were even able to use the data to determine where someone was tapping and what they were typing on a mobile webpage.
Mehrnezhad says the team has been in touch with leading browser providers to alert them of the issue, and while some - Mozilla, Firefox, and Safari – have partially fixed the problem, the researchers are still working with the industry to find an ultimate solution.