This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-24897581
The article has changed 2 times.
Version 0 | Version 1 |
---|---|
Smartphone Pin revealed by camera and microphone | |
(2 days later) | |
The Pin for a smartphone can be revealed by its camera and microphone, researchers have warned. | |
Using a program called PIN Skimmer, a team from the University of Cambridge found that codes entered on a number-only soft keypad could be identified. | |
The software watches your face via the camera and listens to clicks through the microphone as you type. | The software watches your face via the camera and listens to clicks through the microphone as you type. |
The tests were carried out on the Google Nexus-S and the Galaxy S3 smartphones. | The tests were carried out on the Google Nexus-S and the Galaxy S3 smartphones. |
"We demonstrated that the camera, usually used for conferencing or face recognition, can be used maliciously," say the report's authors Prof Ross Anderson and Laurent Simon. | "We demonstrated that the camera, usually used for conferencing or face recognition, can be used maliciously," say the report's authors Prof Ross Anderson and Laurent Simon. |
According to the research, the microphone is used to detect "touch-events" as a user enters their Pin. In effect, it can "hear" the clicks that the phone makes as a user presses the virtual number keys. | |
The camera then estimates the orientation of the phone as the user is doing this and "correlates it to the position of the digit tapped by the user". | The camera then estimates the orientation of the phone as the user is doing this and "correlates it to the position of the digit tapped by the user". |
"We watch how your face appears to move as you jiggle your phone by typing," said Ross Anderson, professor of security engineering at Cambridge University. | "We watch how your face appears to move as you jiggle your phone by typing," said Ross Anderson, professor of security engineering at Cambridge University. |
"It did surprise us how well it worked," he told the BBC. | "It did surprise us how well it worked," he told the BBC. |
When trying to work out four-digit Pins the programme was successful more than 50% of the time after five attempts. With eight-digit PINs the success rate was 60% after 10 attempts. | |
Many smartphone users have a Pin code to lock their phone but they are increasingly used to access other types of applications on a smartphone, including banking apps. | |
This raises the question of which resources should remain accessible on a phone when someone is entering a sensitive PIN, say the report's authors. | This raises the question of which resources should remain accessible on a phone when someone is entering a sensitive PIN, say the report's authors. |
Randomise keys | Randomise keys |
"For instance when a call comes in, the user needs to hear the ring tone while unlocking his phone; otherwise he may assume the caller has hung up." | "For instance when a call comes in, the user needs to hear the ring tone while unlocking his phone; otherwise he may assume the caller has hung up." |
One suggestion to prevent a PIN being identified is to use a longer number but the researchers warn this affects "memorability and usability". | One suggestion to prevent a PIN being identified is to use a longer number but the researchers warn this affects "memorability and usability". |
"Randomising" the position of numbers on the keypad is also suggested but the researchers believe this would "cripple usability on phones". | "Randomising" the position of numbers on the keypad is also suggested but the researchers believe this would "cripple usability on phones". |
Getting rid of passwords altogether and using fingerprints or face recognition are offered as more drastic solutions. | Getting rid of passwords altogether and using fingerprints or face recognition are offered as more drastic solutions. |
"If you're developing payment apps, you'd better be aware that these risks exist," warns Prof Anderson. | "If you're developing payment apps, you'd better be aware that these risks exist," warns Prof Anderson. |