Smartphones can eavesdrop, spy and track
- Apr 06
An accelerometer tracks the movement of a device along three axes. Among other things, it helps rotate the image to portrait or landscape depending on how the device is held. The acceleration sensor first appeared in phones in 2006, in the Nokia 5500, where it powered "sports" functions such as a pedometer. The gyroscope was first added to an Apple smartphone in the iPhone 4. That sensor lets you steer a car in racing games without pressing arrow keys and shows which way a person is facing on a displayed map. These conveniences come at the cost of security. Attackers who gain access to data from one or more sensors can extract a lot of useful information from it. Such access is easy to get: open, for example, this page on a smartphone and you will see that JavaScript easily reads data from the gyroscope. The same is possible with HTML5.
Smartphones running iOS and Android are locked with a numeric PIN, a graphic pattern or a fingerprint. In the first two cases, the phone can be broken into by working out how its position changes while the user unlocks it. For numeric PINs, researchers from Newcastle University in Great Britain learned to guess the code on the first attempt in 74% of cases, using several sensors: an accelerometer, a gyroscope and a magnetometer. By the third attempt, they cracked the code in 94% of cases.
The popular browsers Safari, Chrome, Firefox, Opera and Dolphin have access to the sensors by default, so an attacker only needs to add the appropriate exploit to a website and does not have to request the permission from the owner that is required when installing an application from the stores.
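A site owner can switch these sensors off for their own pages and embedded frames with the Permissions-Policy response header, in browsers that support it. The following added example (not from the original article) audits a header value for the three sensors named above; the header strings and function names are constructed for illustration.

```javascript
// Added example: audit a Permissions-Policy response header for the motion
// sensors named in the article. Header values below are constructed samples.
const SENSOR_FEATURES = ['accelerometer', 'gyroscope', 'magnetometer'];

// Parse `feature=allowlist` members. An allowlist is `*`, `self`,
// or a parenthesised list such as `()` or `(self "https://a.example")`.
function parsePermissionsPolicy(header) {
  const policy = new Map();
  const member = /([a-z][a-z0-9-]*)\s*=\s*(\*|self|\([^)]*\))/g;
  for (const [, feature, value] of (header || '').matchAll(member)) {
    const inner = value.startsWith('(') ? value.slice(1, -1).trim() : value;
    policy.set(feature, inner === '' ? [] : inner.split(/\s+/));
  }
  return policy;
}

// Classify each sensor feature: 'disabled', 'restricted', 'all-origins',
// or 'default' when the header does not mention it (the default allowlist
// for these features is `self`, so the page itself can still read them).
function auditSensorPolicy(header) {
  const policy = parsePermissionsPolicy(header);
  return SENSOR_FEATURES.map((feature) => {
    if (!policy.has(feature)) return { feature, status: 'default', allow: ['self'] };
    const allow = policy.get(feature);
    if (allow.length === 0) return { feature, status: 'disabled', allow };
    if (allow.includes('*')) return { feature, status: 'all-origins', allow };
    return { feature, status: 'restricted', allow };
  });
}

// True only when every motion sensor is switched off for the page and its frames.
function sensorsFullyDisabled(header) {
  return auditSensorPolicy(header).every((r) => r.status === 'disabled');
}

const weak = 'camera=(), gyroscope=(self "https://maps.example")'; // constructed
const hardened = 'accelerometer=(), gyroscope=(), magnetometer=()'; // constructed
for (const header of [weak, hardened]) {
  const summary = auditSensorPolicy(header).map((r) => `${r.feature}:${r.status}`);
  console.log(header, '->', summary.join(' '));
}
```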
A graphic pattern lock involves quickly drawing a password of four or more points on a 3x3 grid. The grid has 389,112 possible combinations, but researchers from the University of Pennsylvania are confident that users use an order of magnitude fewer patterns. Some of the combinations are inconvenient for everyday use. An application running in the background starts the accelerometer at the right moment, then turns it off and sends the data to the fraudsters. The researchers needed only one sensor for the attack.
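The 389,112 figure can be reproduced by enumerating every pattern of four to nine dots. This added example (not from the original article) assumes the Android rule that a stroke cannot jump over a dot that has not been visited yet, and it also shows how the keyspace splits by pattern length.

```javascript
// Added example: count valid unlock patterns on a 3x3 grid.
// Dots are numbered 0..8, row by row. Assumed rule (Android pattern lock):
// a stroke may pass over a dot only if that dot is already part of the pattern.

// Return the dot lying exactly between a and b, or -1 if there is none.
function midpoint(a, b) {
  const rowSum = Math.floor(a / 3) + Math.floor(b / 3);
  const colSum = (a % 3) + (b % 3);
  if (rowSum % 2 !== 0 || colSum % 2 !== 0) return -1;
  return (rowSum / 2) * 3 + colSum / 2;
}

// Depth-first enumeration of all patterns with minLen..maxLen dots.
function countPatterns(minLen = 4, maxLen = 9) {
  const byLength = {};
  const visited = new Array(9).fill(false);

  function extend(last, length) {
    if (length >= minLen) byLength[length] = (byLength[length] || 0) + 1;
    if (length === maxLen) return;
    for (let next = 0; next < 9; next++) {
      if (visited[next]) continue;
      const mid = midpoint(last, next);
      if (mid !== -1 && !visited[mid]) continue; // would jump an unused dot
      visited[next] = true;
      extend(next, length + 1);
      visited[next] = false;
    }
  }

  for (let start = 0; start < 9; start++) {
    visited[start] = true;
    extend(start, 1);
    visited[start] = false;
  }
  const total = Object.values(byLength).reduce((sum, n) => sum + n, 0);
  return { byLength, total };
}

const result = countPatterns();
console.log(result.byLength, 'total:', result.total);
```

More than 70% of the keyspace sits in the eight- and nine-dot patterns, so a population that prefers short, convenient shapes draws from a far smaller set than the headline number suggests.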
Scientists from the IT University of Copenhagen used a similar method in 2015, only in this case a smart watch monitored not only the code entered on a smartphone but also the PIN entered for a card at an ATM or in a store. Data from the sensor in the watch was transferred to the smartphone, from where it went to a server and was exported to CSV.
Millions of people work at laptops and desktop computers every day. Fraudsters can find out what a person types on the keyboard if a smartphone is lying close to it. In 2011, scientists from the Georgia Institute of Technology programmed mobile devices to monitor text typed on a keyboard: the gadgets measured the vibrations of the surface. According to the scientists, the procedure was not easy, but the recognition accuracy at that time was up to 80%.
The iPhone 3GS was not suitable for this job, but the iPhone 4, the first smartphone with a built-in gyroscope, performed very well. The group of researchers also tried to use the microphone, a more sensitive sensor, for surveillance. The accelerometer ultimately turned out to be the preferred method, since it is traditionally less protected by the system.
The software developed by the scientists looked for consecutive pairs of keystrokes. The application recognizes where on the keyboard the keys were pressed (left, bottom left, bottom right or right) and also determines the distance for each pair of keys. It then compares the results with a previously loaded dictionary. The method worked with words of three or more letters.
Accelerometer data can not only be stolen; the sensor can also be used to control the device, forcing the smartphone to perform the actions the fraudsters want. A 5-dollar speaker helped hack 20 accelerometers from 5 manufacturers using sound waves. A group of researchers from the University of Michigan and the University of South Carolina used a "music virus", as they called their technique in an interview with The New York Times, to make the Fitbit application believe that the user had taken thousands of steps, and to control a toy car using a phone. The researchers' goal was to create software solutions that counteract such attacks.
Since the gyroscope also picks up sound vibrations, it can be used for covert eavesdropping. Scientists from Stanford University and specialists from the Israeli defense company Rafael found a way to turn the gyroscope of an Android smartphone into an always-on microphone. They developed an application called "Gyrophone": the sensors of many Android devices capture sound vibrations with a frequency of 80 to 250 hertz.
The voice of an adult man has a frequency from 85 to 155 Hz, a woman's from 165 to 255 Hz. Consequently, the gyroscope is capable of listening to human speech. The iPhone gyroscope uses a frequency below 100 Hz, so it is not suitable for the same purpose, but it may nevertheless help recognize the gender of the speaker from some words. The accuracy of the tool in 2014 was not very high: up to 64%.
The coordinated work of several smartphone sensors, combined with machine learning, makes it possible to track the movements of the device's owner when satellite navigation is turned off. The illustration below shows how accurately the route is determined by the method proposed by a group of researchers from the Institute of Electrical and Electronics Engineers (IEEE). Green marks the path that the user traveled by transport, orange the path traveled, and black the GPS data.
The PINME application compares information from the sensors with open data. First, the exploit obtains the smartphone's last IP address and Wi-Fi connection to determine the starting point of the route. Then, from the direction, the speed of movement and the frequency of stops, it distinguishes between walking, riding in a car or on public transport, and flying on an aircraft. PINME compares the data it receives with information from open sources: it takes navigation data from OpenStreetMaps, the elevation map from Google Maps, and route data from airline and railway schedules. To refine the route, the application used the Weather Channel weather service: precise information about air temperature and pressure helps offset the influence of weather conditions on the information collected by the sensors.
In 2010, the Japanese telecommunications corporation KDDI used a similar technique: the accelerometer in a smartphone was used to monitor employees. Data from the sensor made it possible to tell whether a person was walking on stairs or on a flat surface, and whether they were emptying trash bins or washing floors. In 2015, experts from Nanjing University in China used accelerometer data to follow the movement of people in the subway.
The location of a smartphone's owner can also be determined by an application that receives battery status data. Any application can obtain such information, since it requires no additional permissions. The scientists from Stanford and the specialists from the defense company Rafael already mentioned above developed the Power Spy technology.
The user's location is determined with 90 percent accuracy by analyzing the rate of battery discharge: this is how the scientists determined the gadget's distance from repeaters. But such accuracy is possible only if the user is not traveling the route for the first time.
In 2012, the American military research center in Indiana and scientists from Indiana University developed Placeraider, an application for smartphones running Android 2.3 that could reconstruct the user's surroundings in 3D.
The user had to download an application capable of taking photos and give it permission to use the camera and send the pictures. Placeraider, working in the background, turned off the shutter sound so as not to alarm the user. The program then took photos at random, saving information about the time, place and orientation of the smartphone. After filtering the photos and discarding bad frames, taken for example inside the user's pocket, the application sent them to a server where a 3D model of the room was created.
To test the effectiveness of this idea, the scientists gave "infected" phones to twenty volunteers who did not know about the application and sent them to an office with various simple tasks. At the next stage, two groups of people examined the results: one looked at the individual photos, the other at the 3D models. Both groups searched for QR codes, checks, documents and calendars that attackers could use to determine when the victim would be away from a particular place.
The application for the "end user", that is, a criminal in the worst case and the scientists in ours, made it possible to zoom in on particular parts of the frame in the best traditions of Hollywood films. A person who opened the 3D model could click on a specific point, after which the application searched its database for better photos taken closer to the desired place. The image below shows the number of a check lying on a table.
With great power comes great responsibility: the developers of smartphones and their applications need to remember this, since today they open up unlimited possibilities for hacking users' wallets, tracking their movements and identifying their interests for more precise ad targeting. In real life, of course, most of this research is of interest at best as scenarios for "Black Mirror".