Researchers find accelerometers may pose security risk for smartphones

Jan 30, 2013 by Bob Yirka weblog

Visiting professor Adam Aviv and a team of colleagues from Swarthmore College in Pennsylvania have found that studying the way a smartphone responds to being tapped as a person types in a PIN number can help someone else guess that PIN number. The security problem came to light as the team was studying data sent by a typical smartphone accelerometer.

A smartphone accelerometer is an electronic component that allows data to be collected regarding the orientation of the phone. Applications loaded on the phone use it to automatically re-orient the screen image, for example, when the phone is turned to one side or the other. The team has found that the data signals sent by the accelerometer aren't as controlled as those for applications that run on the phone, and are thus more easily accessed by someone seeking to unlock a PIN on a stolen phone.

Whenever a phone is in use, data is sent in a constant stream from the accelerometer, alerting apps to real-time orientation changes. That data comes in the form of messages that indicate phone movements – up or down, forwards or back, and sideways. The accelerometer is so sensitive that it notes the slight changes in orientation that result when a user taps lightly on the screen – and tapping different spots on the screen causes slightly different changes. That's the data that the researchers used. They found that capturing accelerometer data and analyzing the slightly different ways the device was moved while a person was inputting their PIN (using software that relied on a database of pre-captured data) could provide enough information to assist in guessing what that PIN was, thereby allowing access to the phone. They report a success rate of 43 percent when making just one guess. When given five tries, the success rate went up to 73 percent.

The team found that the typical smartphone does not require permission from its owner to broadcast orientation data from the accelerometer, and that the data sent was often independent of the applications that were relying on its capabilities. They also found that if a user typed in their PIN code while walking, the guess rate declined as the added noise served to defeat their efforts.
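The effect of noise described above can be seen in a small simulation, added here as an illustration; it is not the researchers' software or data. The keypad geometry, the `TILT_PER_KEY` constant, the noise level and the `coarsen` mitigation (rounding the values delivered to apps while a PIN is entered) are all assumptions made for the example.

```python
import random

# Constructed toy model, not measured data: a tap on a keypad key tilts the
# phone in proportion to the key's offset from the centre of the keypad.
KEYPAD = {"1": (0, 0), "2": (1, 0), "3": (2, 0),
          "4": (0, 1), "5": (1, 1), "6": (2, 1),
          "7": (0, 2), "8": (1, 2), "9": (2, 2),
          "0": (1, 3)}
TILT_PER_KEY = 0.02   # assumed accelerometer change per key pitch (m/s^2)


def tap_reading(digit, noise=0.0, rng=None):
    """Simulated (x, y) accelerometer change for one tap on `digit`."""
    col, row = KEYPAD[digit]
    x, y = (col - 1) * TILT_PER_KEY, (row - 1.5) * TILT_PER_KEY
    if noise:
        x, y = x + rng.gauss(0, noise), y + rng.gauss(0, noise)
    return (x, y)


def coarsen(reading, step):
    """Hypothetical mitigation: round values delivered to apps to `step`."""
    return tuple(round(v / step) * step for v in reading)


def nearest_digit(reading, templates):
    """Match a reading against pre-captured per-digit templates."""
    def dist2(d):
        tx, ty = templates[d]
        return (reading[0] - tx) ** 2 + (reading[1] - ty) ** 2
    return min(templates, key=dist2)


def recovery_rate(noise=0.0, step=None, trials=2000, seed=1):
    """Fraction of simulated taps whose digit is identified correctly."""
    rng = random.Random(seed)
    templates = {d: tap_reading(d) for d in KEYPAD}
    hits = 0
    for _ in range(trials):
        digit = rng.choice("0123456789")
        reading = tap_reading(digit, noise, rng)
        if step:
            reading = coarsen(reading, step)
        hits += nearest_digit(reading, templates) == digit
    return hits / trials


if __name__ == "__main__":
    print("still phone, full resolution:", recovery_rate())
    print("walking-level noise:         ", recovery_rate(noise=0.2))
    print("coarsened during PIN entry:  ", recovery_rate(step=1.0))
```

In this model a still phone at full sensor resolution gives away every digit, while either motion noise much larger than the tap signal or coarsened readings push the match rate down to roughly chance.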

More information: via BBC

User comments : 2

1.7 / 5 (6) Jan 30, 2013
Seems pretty easy to disable the accelerometer while passwords are entered.
1.7 / 5 (3) Jan 30, 2013
To clarify the risk here:

These people created an app that catches the orientation data on the phone it is installed on and sends it somewhere. It does not allow someone to sit next to you and capture your unlock code.

It does however suggest someone could create an innocuous app like a game. The game requires your appleID, which you provide. They then offer very cheap in-game purchases, which people buy. Buying them requires you to enter your appleID password... and the game catches orientation data at that point and sends it to a central source. Over time, you could steal a lot of appleIDs/codes that way.

@ECO - Not as easy as that. Apps have legitimate purposes for accessing that data. As does the phone itself. But you're on the right track in that a security solution does need to be developed.