Short PIN codes putting phones at risk, researchers say

Hackers can crack a smartphone’s PIN using sensors on the device

A longer PIN will make your phone more secure, researchers say. Photograph: iStock

Got a new smartphone for Christmas? You may want to change your security PIN.

Smartphone owners are being advised to use additional security measures on their phones after scientists were able to unlock some of the devices with 99.5 per cent accuracy.

Researchers from Nanyang Technological University (NTU) in Singapore developed machine-learning technology that can use data from the sensors in Android smartphones to uncover their security numbers.

The team said their technique can be used to guess all 10,000 possible combinations of four-digit codes.

Using a combination of information gathered from six different sensors found in smartphones and state-of-the-art machine learning and deep learning algorithms, the researchers succeeded in unlocking Android smartphones with 99.5 per cent accuracy within only three tries, when tackling a phone that had one of the 50 most common PIN numbers.

They said their work highlights a “significant flaw” in smartphone security that could be exploited by hackers, as using the sensors present in the phones “require no permissions to be given by the phone user and are openly available for all apps to access”.

The previous best phone-cracking success rate was 74 per cent for the 50 most common PIN numbers, but NTU’s technique guessed all 10,000 possible combinations of four-digit PINs.

Professor Gan Chee Lip, of NTU Singapore, said: “Along with the potential for leaking passwords, we are concerned that access to phone sensor information could reveal far too much about a user’s behaviour.

“This has significant privacy implications that both individuals and enterprises should pay urgent attention to.”

Dr Bhasin advises users to opt for PIN codes with more than four digits and use additional authentication methods such as one-time passwords as well as fingerprint or facial recognition systems.