Tuesday 18 April 2017

Your smartphone PINs could be stolen by a malicious advertisement on a website

How secure do you think your smartphone PINs are?

Ever thought about how difficult it would be for attackers to steal your PINs?

What if they could be stolen very easily? Your privacy is completely at stake.

Let's check out how...

Researchers have discovered an attack that stealthily collects sensor information from your smartphone. By reading the accelerometer and gyroscope sensors, JavaScript on a web page can measure even small changes in a phone's angle, rotation, movement speed, and similar characteristics. This data helps reveal sensitive information about the phone and its user, including the precise start and end of each phone call and whether the person using it is stationary, walking, running, on a bus, in a car, or on a train (based on the speed of movement). The keylogging attacks are successful enough to guess 4-digit PINs correctly 74% of the time on the first attempt and 94% of the time on the third attempt.


The attack doesn't require installation of any malicious apps. Users just need to open a malicious webpage and enter the characters before closing it. The risk increases exponentially when you visit websites that host malicious advertisements (malvertisements) on your mobile device. The user-entered data can be captured by nothing more than standard JavaScript code that accesses the motion and orientation sensors built into virtually all iOS and Android devices.

The browser provided by Baidu had the greatest access to sensors. Hence, on accessing a malicious webpage, the browser gave away all the sensitive sensor information. The sensor information was accessible even when the malicious page was loaded directly in an active tab or as an iframe when the device screen was locked.

Chrome on iOS gave away all the sensor information when the malicious ad was accessed on a website or when a malicious site was accessed in an iframe. Chrome on Android gave away all the sensor information only when the malicious sites were accessed in a tab or an iframe. The Google browser on iOS blocked all access to sensor information. Firefox for Android and Safari for iOS gave away all the sensor data when accessing the malicious ad or a naive website, or when accessing a malicious site in a tab or in an iframe.
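For site operators who embed third-party ads in iframes, the following is an added example (not from the research or the original post) that audits a site's Permissions-Policy response header for the motion-sensor features. It assumes the visitor's browser enforces the `accelerometer`, `gyroscope` and `magnetometer` policy features for motion and orientation events; the header values and the `ads.example` origin are constructed samples.

```javascript
// Added example: audit a Permissions-Policy header for motion-sensor exposure.
const MOTION_FEATURES = ["accelerometer", "gyroscope", "magnetometer"];

// Parse 'accelerometer=(), gyroscope=(self "https://a.example")' into a
// Map of feature name -> array of allowlist tokens.
// Simplification: assumes no commas inside quoted origins.
function parsePermissionsPolicy(headerValue) {
  const policy = new Map();
  for (const directive of (headerValue || "").split(",")) {
    const eq = directive.indexOf("=");
    if (eq === -1) continue; // not a feature=allowlist pair, skip it
    const feature = directive.slice(0, eq).trim().toLowerCase();
    const raw = directive.slice(eq + 1).trim();
    // Strip the surrounding parentheses of an allowlist such as (self).
    const inner = raw.startsWith("(") && raw.endsWith(")") ? raw.slice(1, -1) : raw;
    policy.set(feature, inner.split(/\s+/).filter(Boolean));
  }
  return policy;
}

// Classify each motion feature:
//   "blocked"   - empty allowlist (), no document may use the feature
//   "self-only" - only the site's own origin is listed
//   "delegable" - "*" or other origins are listed, so frames from those
//                 origins (for example ad iframes) can be granted access
//   "not-set"   - the header does not mention the feature; the browser
//                 default applies
function auditMotionPolicy(headerValue) {
  const policy = parsePermissionsPolicy(headerValue);
  const report = {};
  for (const feature of MOTION_FEATURES) {
    if (!policy.has(feature)) {
      report[feature] = "not-set";
      continue;
    }
    const tokens = policy.get(feature);
    if (tokens.length === 0) report[feature] = "blocked";
    else if (tokens.every((t) => t === "self")) report[feature] = "self-only";
    else report[feature] = "delegable";
  }
  return report;
}

// Constructed sample header values, not taken from any real site.
const strictHeader = "accelerometer=(), gyroscope=(), magnetometer=()";
const mixedHeader = 'accelerometer=(), gyroscope=(self), magnetometer=(self "https://ads.example")';
console.log(auditMotionPolicy(strictHeader));
console.log(auditMotionPolicy(mixedHeader));
```

A page that takes PIN or password input and has no use for motion data would want every feature to report "blocked".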
