Researchers at the University of Cambridge, England, and Linkping University, Sweden, have found that hackers can unlock their cell phone passwords through the sound produced by tapping the screen. Using mobile device microphones, software developed by scientists was able to correctly identify more than half of the four-digit PINs used on Android tablets, among other positive results.
The vulnerability was discovered from laboratory experiments rather than from the real world. The article "Hearing Your Touch: A New Acoustic Side Channel on Smartphones", published on a Web site maintained by Cornell University, has not yet been peer reviewed when one or more area experts review the scientific work, standard procedure in between. academic.
Mobile password: Learn how to add a PIN or drawing on Android
Researchers discover vulnerability that allows hackers to discover mobile phone password by listening to the sound of the touch screen Photo: Paulo Alves / TechTudo
Want to buy a cell phone, TV and other discounted products? Meet the Compare TechTudo
The researchers started from a simple premise: the touch of fingers on the screens of smartphones and tablets generates sound waves. Since most current mobile devices have multiple microphones, this data could be crossed to map where on the screen the ringing sound is coming from and thus identify the key the user has played.
The software they created can track which microphone captures the sound first, as measured by fractions of a second. With this precision, in one experiment, the program was able to guess four-digit passwords 73% of the time after 10 attempts. In another test, the software identified 30% of passwords with seven to 13 characters after 20 attempts.
Hackers discover mobile password by tapping fingers Photo: Elson de Souza / TechTudo
"We have shown that the attack can successfully recover PIN codes, single letters and whole words," said the authors of the article – Ilia Shumailov, Laurent Simon, Jeff Yan and Ross Anderson – in an interview with The Wall Street Journal.
Nevertheless, they themselves claim that this is a difficult technique to use in the real environment. This is because, first, potential victims need to install malware on their devices. Then the user must still allow the program to have access to the device's microphone.
How to enter WhatsApp digital / password on iPhone