Even if some shady character were to get hold of your smartphone, it wouldn't do them much good if they didn't know your PIN … right? Well, researchers from Singapore's Nanyang Technological University have created a system that correctly guesses a phone's PIN, based solely on information provided by its sensors.

Led by Dr. Shivam Bhasin, the research team "trained" the system by getting three people to each enter a random set of 70 four-digit PINs on Android smartphones. A custom app installed on each phone collected data from the accelerometer, gyroscope, magnetometer, proximity sensor, barometer, and ambient light sensor.

A deep learning algorithm analyzed the data, matching up specific sensor readings with specific numbers being pressed on the onscreen keypad. "When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9 is very different," explains Bhasin. "Likewise, pressing 1 with your right thumb will block more light than if you pressed 9."

When the system was subsequently tasked with guessing four-digit PINs based only on the sensor reactions, it was 99.5 percent accurate (within no more than three tries) at unlocking a phone that used one of the 50 most common PINs.

Bhasin believes it's conceivable that people could unknowingly download malware that utilizes such technology onto their phones. After accessing the phone's sensors and learning the user's PIN, the program would transmit the information to someone who would then be able to unlock the phone.

In order to keep such a scenario from occurring, he suggests that mobile operating systems restrict access to the phone's sensors, so that users can only grant permission to trusted apps.

A paper on the research was recently published in the journal Cryptology ePrint Archive.

Source: Nanyang Technological University