Thursday 14 November 2013

Hackers could turn Android phones into PIN-harvesting spy tools

A man in an alleyway using a mobile phone
Hackers could theoretically hijack and use smartphones' cameras and microphones to steal users' bank details, according to researchers from Cambridge University.
Laurent Simon and Ross Anderson claimed it is possible to create malware that uses Android phones' cameras and microphones to harvest numerical PINs in a joint research paper called PIN Skimmer: Inferring PINs Through The Camera and Microphone.
The paper said the malware could be spread on its own or injected into insecure legitimate applications. Once infected, the hijacked apps could theoretically then force the microphone and camera to follow the user's taps on the screen.
"The microphone is used to detect touch events, while the camera is used to estimate the smartphone's orientation and correlate it to the position of the digit tapped by the user," explained the paper. "The mobile application collects touch event orientation patterns and later uses learned patterns to infer PINs."
The paper said the malware could be created to have a learning element that improves the attackers' chances of stealing the PIN the more times it is entered. The theory was tested using the Google Nexus S and Samsung Galaxy S3 smartphones, and the tests yielded a 50 percent success rate when detecting four-digit PINs entered more than five times.
The tactic could theoretically be used by cyber criminals to steal numerical login details for a victim's online bank account, for example. The researchers listed the theoretical attack as proof that application developers and manufacturers need to start taking security more seriously.
Attacks on smartphones are a growing problem facing businesses, especially for users of Google's Android operating system. This is because Google has chosen to leave Android open to developers, letting them tweak it and release applications outside of the official Play Store.
While the strategy boosts innovation, it also leaves it open to abuse, allowing criminals to use it to spread malware via Trojanised apps and other means. Seventy-nine percent of all mobile malware is designed to target Android, according to the most recent figures from the US Department of Defense.

2 comments:

  1. Thanks for sharing. I never thought about it. Recently I started use this software http://copy9.com/android-spy-apps/. I advise you to try. I'm on my experience I would say that I am calmer in my soul that I know where my children are. I do not wish that my children have got into bad company. Therefore it is necessary to go to extremes.

    ReplyDelete
  2. I did everything just like in this manual, but nothing works for me, hopefully I have found this great application https://9spyapps.com/hidden-call-recorder/. I may recommend it safely for everyone.

    ReplyDelete