Smartphone Pin detectable with camera and microphone warn researchers

Researchers from the University of Cambridge warn in a report, that the Pin for a smart phone could be revealed by its camera and microphone.

The researchers used a programme called PIN Skimmer that helped them identify codes entered on a number-only soft keypad.

The software keeps watch on users' face via the camera and listens to clicks through the microphone as keys are pressed while typing.

According to the report's authors professors Ross Anderson and Laurent Simon, they demonstrated that the camera, usually used for conferencing or face recognition, could be used maliciously.

According to the research, the microphone was used to detect "touch-events" as users entered their Pin, which allowed it to effectively "hear" the clicks that the phone made as users pressed the virtual number keys.

The camera then estimated the orientation of the phone as the user was doing this and correlated it to the position of the digit tapped by the user.

Ross Anderson, professor of security engineering at Cambridge University, said the researchers watched how users' faces appeared to move as they jiggled their phone by typing.

He told the BBC that they were surprised how well the programme worked.

With a four-digit PIN the app could detect with 50 per cent accuracy in five attempts, while with an eight digit PIN, a success rate of 60 per cent was achieved in 10 attempts.

According to commentators, with the technology still in its development stage, it could be safely assumed that there would be further refinements and improvements in the accuracy level. The tests, conducted on a Nexus S and Samsung Galaxy S3, are now expected to be widened to other devices.

Suggestions have already been made about the best approach to counter such attempts, and while randomising the keyboard positions might work to some extent in alleviating the problem, it might be that biometrics such as the iPhone 5S' TouchID fingerprint scanner would play a more important role in the fight against telecoms fraud.

With the increasing use of smart devices as wallets, security concerns are at an all-time high, and now with such possibilities for fraud opening up, it would be up to mobile operating system developers to ensure that camera and microphone functions were disabled during unlocking operations.