New "Deep Learning" Hacking Technique Is 99.5% Effective Cracking Into Android Smart Phones

Researchers at Nanyang Technological University in Singapore have developed a "deep-learning" technique for cracking into smart phones running the Android OS which has a "99.5 percent" success rate after only three attempts, according to a new study reported by the Daily Mail.


The method uses an algorithm to reveal a person's passcode from the phone's six built-in sensors, analyzing the unique tilt of the phone and how much light is being blocked while a person enters their four-digit PIN.

Co-author of the study Dr Shivam Bhasin from Nanyang Technological University, Singapore (NTU Singapore) said: 'When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9, is very different. 

'Likewise, pressing 1 with your right thumb will block more light than if you pressed 9.' -Daily Mail  

Researchers developed a custom Android application which analyzes data from a phone's accelerometer, gyroscope, magnetometer, proximity sensor, barometer and ambient light sensor - in a method which can be used to guess all 10,000 possible combinations of four-digit PINs. 

As people "trained" the algorithm by entering more and more random PIN numbers, the app's success rate went up. 

Although everyone enters their PIN differently, the scientists showed that as data from more people is fed to the algorithm over time, success rates improved. 

This means that while a malicious application may not be able to correctly guess a PIN immediately after installation, it could collect data from thousands of users and then launch an attack once it has learnt their behaviours. 

The algorithm was trained with data collected from three people, who each entered a random set of 70 four-digit PIN numbers on a phone, which recorded their entries.

Scientists are worried that this method can be used by hackers who develop malicious apps to get through a user's security. Imagine downloading a seemingly innocuous program for your four-year-old to keep them quiet during dinner, only to have surreptitiously been infected with PIN-cracking malware.


To avoid this type of technique, Dr. Bhasin advises that users restrict access to their phone's sensors, and use a PIN that's longer than four digits - as well as two-factor authentication and fingerprint recognition. 
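The advice to use a longer PIN can be checked with a small simulation. The following is an added example, not code from the study or the article: it assumes a hypothetical classifier that emits one probability distribution per key press (the scores here are constructed random noise plus a `boost` on the true digit) and measures how often the real PIN falls within three lock-screen attempts as the PIN gets longer.

```python
import heapq
import math
import random

DIGITS = "0123456789"

def top_k_pins(dists, k):
    """Return the k most probable PINs given one {digit: prob} dict per
    key press, treating key presses as independent (best-first search)."""
    ranked = [sorted(d.items(), key=lambda kv: -kv[1]) for d in dists]

    def cost(idx):  # negative log-likelihood of the PIN selected by idx
        return -sum(math.log(ranked[i][j][1]) for i, j in enumerate(idx))

    start = (0,) * len(ranked)
    heap, seen, out = [(cost(start), start)], {start}, []
    while heap and len(out) < k:
        _, idx = heapq.heappop(heap)
        out.append("".join(ranked[i][j][0] for i, j in enumerate(idx)))
        for i in range(len(idx)):  # demote one position to its next-best digit
            if idx[i] + 1 < len(ranked[i]):
                nxt = idx[:i] + (idx[i] + 1,) + idx[i + 1:]
                if nxt not in seen:
                    seen.add(nxt)
                    heapq.heappush(heap, (cost(nxt), nxt))
    return out

def simulated_hit_rate(pin_len, guesses=3, trials=2000, boost=0.8, seed=1):
    """Fraction of random PINs that land inside the first `guesses` candidates.
    Classifier output is CONSTRUCTED: uniform noise plus `boost` on the true digit."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        pin = "".join(rng.choice(DIGITS) for _ in range(pin_len))
        dists = []
        for true_digit in pin:
            scores = {d: rng.random() + 0.01 for d in DIGITS}
            scores[true_digit] += boost
            total = sum(scores.values())
            dists.append({d: s / total for d, s in scores.items()})
        hits += pin in top_k_pins(dists, guesses)
    return hits / trials

if __name__ == "__main__":
    for n in (4, 6, 8):
        print(f"{n}-digit PIN, 3 attempts: {simulated_hit_rate(n):.3f}")
```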

According to the Daily Mail, Professor Gan Chee Lip, Director of the Temasek Laboratories at NTU Singapore, said this study shows how devices with seemingly strong security systems can be attacked using malicious applications to spy on user behavior.

"Along with the potential for leaking passwords, we are concerned that access to phone sensor information could reveal far too much about a user's behaviour," said Lip, adding:

"This has significant privacy implications that both individuals and enterprises should pay urgent attention to."

Comments

ThanksChump DuneCreature Fri, 12/29/2017 - 05:18 Permalink

No, it isn't.

ZH is going bull goose retard with these tech-ignorant scare pieces lately.

Shame.

So the fuck what if some numbnut in Serbia gets your 4 year old's PIN??? It's useless without the physical phone. This "hack" is 99.5% not even a hack! It's a minor vulnerability that's useless without physical access, and only works for PIN lock devices (15-20% of Android devices).

Article Author: get a clue.

In reply to by DuneCreature

DuneCreature ThanksChump Fri, 12/29/2017 - 05:56 Permalink

Did that one go over your head? ......

I'm sorry. .......... I meant to hit you in the head with my rather cryptic post.

You must be a Smart Phone Sales Rep.

You think you own your device? ... No, your device owns you.

AI is in there and you had better heed its instructions to you or there will be negative consequences forthcoming.

Live Hard, Never Keep AI In Your Pants Pocket Because AI Is Prone To Biting, Kicking And Scratching When Cornered Or Provoked, Die Free

~ DC v8.7 beta

 

In reply to by ThanksChump

Endgame Napoleon JimmyJones Fri, 12/29/2017 - 12:38 Permalink

iPhone makes you use a longer pin, but I do not see why it is unimportant that hackers can access your phone. I guess you are saying that they cannot open up individual apps remotely, like email, for instance. Why, then, have I been trained for jobs by remote trainers who certainly could make my computer open up things, performing functions on the computer to demonstrate what the employees had to do? Are smart phones different?

In reply to by JimmyJones

Urban Roman DuneCreature Fri, 12/29/2017 - 06:54 Permalink

Yeah.

And the phone actually has another sensor that tells where the user is touching the screen.

If a piece of software can read the gyroscope, etc. it can also read the touch panel. Why not?

If you're really worried about security, don't use a touch screen device.

Come to think of it, just smash your computer and go outside and enjoy the weather.

In reply to by DuneCreature

DuneCreature Urban Roman Fri, 12/29/2017 - 07:54 Permalink

Good advice from both you and RS which I intend to heed (for the most part) right after the holidays. ... Weather permitting, of course, ...or not.

The problem is that to exist in today's world and make money you are wed to the electronics in your life. .. (A lot of us are, anyway.)

My cautions and concerns about AI are meant as a warning. .. If you know it's in there and what it is doing you can use your devices accordingly.

Live Hard, Adjust And Mitigate The Effects Of The AI Control Grid, Don't Reject A Perfectly Otherwise Fine Tool, Die Free

~ DC v8.7 beta

 

In reply to by Urban Roman

Endgame Napoleon Urban Roman Fri, 12/29/2017 - 12:45 Permalink

I love touch screen devices, though. They are like drawing pads. I do not think I would have gotten into computers beyond what I had to do for work if Steve Jobs had not been so insistent that they make the devices more natural, like the hand tools humans always created for themselves. The privacy issues are disturbing, though. Thing is, it cannot even be definitively hammered out before the SCOTUS. Because, this area really is global by design. You can’t control what people in other countries do via the Fourth Amendment to the US Constitution. 

In reply to by Urban Roman

FredGSanford. Fri, 12/29/2017 - 04:25 Permalink

Pre-order your iPhone 20!   Expected in early 2020.  It features a traffic light app which will change red to green.  Also a bad breath checking app for halitosis.   The iPhone 20 also can double as a porta potty for those who get caught short.  

All for the low low price of $8000.00.   If you order in the next 5 mins you get a set of ginzu Knives.  They can cut nails and concrete blocks!

Donate Moar JRobby Fri, 12/29/2017 - 11:40 Permalink

Hold on there Robby.

100 microsecond sampling rate is a serious waste of computing power since most folks just think the same thing all the time...especially us guys....ahem...

Example data stream: girls, girls,girls,girls,girls,girls,food,girls,girls,girls,girls,girls,girls,food,girls,girls,girls,girls,girls,girls,etc...

In reply to by JRobby

Endgame Napoleon Donate Moar Fri, 12/29/2017 - 12:51 Permalink

It is not the NSA, but Nordstrom’s that has paid for this thought tracking, knowing that a lot of women are thinking the following: 

  • shoes
  • shoes
  • shoes
  • shoes
  • shoes
  • kids
  • shoes
  • shoes
  • kids
  • shoes
  • work task
  • shoes
  • shoes
  • kids
  • kids
  • shoes
  • shoes
  • shoes
  • work task
  • kids
  • shoes 
  • shoes 
  • shoes
  • shoes
  • shoes

When you sell $400 shoes on the clearance rack, it is worth the investment in new tech. 

In reply to by Donate Moar

PT Fri, 12/29/2017 - 04:32 Permalink

...or you just don't use your phone or your computer for anything important.  If it can't be trusted then why do you trust it?

Oh, that's right.  Because it is convenient and everyone else trusts it.

Endgame Napoleon Fahq Yuhaad Fri, 12/29/2017 - 13:00 Permalink

....and typos, misspellings, comma omissions, misplaced commas and unintelligible word choices by the predictive text bot...Maybe, ZH wants us serial, multi-paragraph posters to condense. Or, the site might just be in progress. They are using an open-source CMS, with PHP as the programming language. I just wish they would let us load photos. 

https://en.m.wikipedia.org/wiki/Drupal

 

In reply to by Fahq Yuhaad

Endgame Napoleon Is-Be Fri, 12/29/2017 - 13:05 Permalink

EN is impressed. I wish I had pursued that when I was younger. It is really interesting to watch them put sites together. The details in this field are endless, more than in traditional art even. I see it as artistic, but it is really a math / science thing. It still seems like artists, trying to fit all the intricate pieces together to get a more perfect form across different devices. 

In reply to by Is-Be

Endgame Napoleon Stan522 Fri, 12/29/2017 - 13:10 Permalink

Except on a closed network, I still do not understand why PCs are safer. I like the idea of doing art on mobile devices. It is not like it is worth anything anyway, not unless you are some kind of genius. No one cares. 

https://en.m.wikipedia.org/wiki/Private_network

This set up, too, is secure, right?

https://en.m.wikipedia.org/wiki/Virtual_private_network

A VPN can be mobile, right? 

 

 

 

In reply to by Stan522

D503 Fri, 12/29/2017 - 07:17 Permalink

Just another tactic to drive people to identify themselves explicitly to manifest more accurate data for big data.

"Locking your phone is too dangerous! Submit a DNA sample to verify who is watching this porn and ordering this weapon!"

Sacrifice liberty for safety citizen!

OCnStiggs Fri, 12/29/2017 - 07:22 Permalink

Before your Droid is hacked and you are left penniless...

I know the "transition" to the new board has been painful but, how about a one-time donation to Tyler to help with the cost of that? See the donation tab above. (I didn't even notice there was a donation option...)

If you enjoy the news, information, zaniness, and incontrovertible Liberal stupidity professed daily on these boards, help out with a few buckeroonies -or Bitcoins. (C'mon... You are rich now. Share your fortune!)

Just sayin'

thebriang OCnStiggs Fri, 12/29/2017 - 10:08 Permalink

I would, if this weren't already one of the spammiest sites on the web.

This whole "update" seems to have only been a way to force more ads through browser blockers so meh, donate away... I'll save my donations for websites that aren't trying to take advantage of their users.

Not to mention that sites running 100 scripts and 10 video ads and popups from 20 different "ad" networks are the true primary vector of Most malware but interesting how no one ever mentions That.

If they weren't trying to screw people you would be able to pay to not get bombarded with ads, since that's more than they make from individual user ads... but they don't.  Hmm.

In reply to by OCnStiggs