Security researchers have discovered a new flaw in smartphones that makes passwords and PINs vulnerable. Instead of using software to hack in, there’s a way that attackers could just listen to you type to steal your info.
The University of Cambridge, England and Linköping University in Sweden recently published their findings on how the noise of typing can be decoded. Using a test algorithm, the researchers could guess 31 out of 50 4-digit logins in just 10 attempts.
Researchers recorded 45 participants typing on Android tablets and smartphones and then fed the audio through a machine-learning algorithm. Using the sound waves that travel both through the screen and the air to the phone’s mic, the algorithm is able to predict where certain vibrations came from. The two different sound waves are important because they reach the mic at different times so the lag is used to calculate the location of the tap.
The possibilities behind the research are pretty crazy to think about. But the team behind the algorithm doesn’t think these type of attacks are being used, yet.
“Right now it’s really hard to imagine anybody deploying these attacks,’ lead author Ilia Shumailov, of the University of Cambridge, told the Wall Street Journal. “In the near future they’re definitely going to be there.”
Hackers would first need to infect a smartphone with malware and gain access to the microphone. That part wouldn’t be too hard, but creating an algorithm to decode the typing sounds might take a bit longer.