fbpx

Research from Newcastle University in the U.K. has shown how malicious websites can use the motion sensors in mobile phones to uncover PINs and other information. (Rich Pedroncelli/Associated Press)

New research reveals hackers can use sensor technology to gather all kinds of data

A new study has revealed just how easy it is for hackers to use the sensors in mobile devices to crack four-digit PINs and to access a wide variety of other information about users.

Cyber-security experts from Newcastle University in the U.K. found that once a mobile user visits a website, code embedded on the page could then use the phone's motion and orientation sensors to correctly guess the users' PIN. This worked on the first attempt 75 per cent of the time, and by the third try 94 per cent of the time.

The study, published in the International Journal of Information Security this week, also found that most people have little idea of what the sensors in our phones can do and the security vulnerabilities they pose.

The researchers identified 25 different sensors that are now standard on most phones. Yet websites and apps only ask for permission to use a small fraction of these — GPS and camera, for example.

Downside of fitness tracking

"A lot of these sensors came to help people have a better experience when they work with these devices, and they bring a lot of advantages to our lives," said Maryan Mehrnezhad, a research fellow in Newcastle's school of computing science and lead author of the paper.

track fitnessThe sensors that enable popular fitness-tracking apps contribute to security risks. (Getty Images)

Examples of these include the accelerometer and gyroscope sensors that enable the fitness-tracking apps so popular with cellphone users.

Yet the sensor technology is well ahead of any regulatory restrictions pertaining to our privacy, said Mehrnezhad in an interview with CBC News.

She and her colleagues mimicked what's known as a "side channel attack" on Android mobile phones using a website embedded with JavaScript code.

The results show that the attack site could learn details such as the timing of phone calls, whether the user is working, sitting or running, as well as any touch activity, including PINs, she said.

Underestimating risk

The second part of the study evaluated people's understanding of these risks.

Interviews with around 100 mobile users found that most people are not aware of the sensors on their mobile devices, said Mehrnezhad, and that there is "significant disparity" between the actual risk and perceived risk of having a compromised PIN.

In fact, as the sensors were being developed, even the phone manufacturers didn't have a clear understanding of the risks associated with them, said Urs Hengartner, an associate professor in computer science at the University of Waterloo.

"Everybody thought that accelerometer data and gyroscope data is not sensitive, so there's no need to ask for permission. Now research shows that it is an issue," said Hengartner in an interview with CBC News.

"These are security researchers that figured this out, and so nobody else seems to have known, not the browser vendors, not the operating system vendors and definitely not the general public."

Solving the problem is "a big research challenge," he said, in part because users may not understand the implications of what they're being asked by an app or website and may simply default to saying yes.

Decision fatigue

Research has shown that when people get tired of being asked for permission, they default to saying yes so they can access the website they want to visit or use the app they need, said Hengartner. 

Some browsers have begun asking for permissions for things like location data, but there is no uniform standard for doing so, he said.

As study author Mehrnezhad notes, tech companies also don't want to sacrifice the convenience and functionality we've come to expect of our mobile devices.

"It's a battle between security and privacy on one hand and usability issues on the other hand," she said — and it's only going to get more important.

"Sensors are going to be everywhere. The problem will get more serious when smart kitchens, smart homes and smart cities are connected via the internet of things," she said.

Preventive measures

It sounds obvious, but the first step users should take to protect themselves is to choose more complex passcodes. Previous research has found that 27 per cent of all possible four-digit PINs belong to a set of 20 that include dead-easy combinations such as "1111" or "1234," said Mehrnezhad.

"I know people hate it because it's not convenient," she said, but it's also critical to change your passwords regularly.

In addition, keep your operating systems up to date, only download apps from trusted sources like Google Play or the App Store, delete apps you're not using, and close both apps and browser tabs when you're done using them, she said.

Source :  cbc.ca

Categorized in Science & Tech

A mysterious crack has been spreading across a giant Greenland glacier, and it's raising concerns that part of the floating ice shelf could splinter off into the ocean.

That's bad.

Scientists with the NASA field campaign Operation IceBridge recently captured the first photographs of the growing rift while flying over Petermann Glacier, a structure that connects the Greenland ice sheet to the Arctic Ocean.

nasa_2.jpg

The new chasm appears in the center of the glacier's floating ice shelf — the tongue of ice that extends into the water from the grounded glacier on land.

In the photos, the crack appears relatively close to a larger rift spreading toward the shelf's center. Should the two intersect, part of the ice shelf in northwest Greenland could potentially break off.

A portion of the new rift on Petermann Glacier's floating ice shelf is shown near the bottom center. The older rift appears near top center. The shaded feature, near the bottom center, is the "medial flowline.

nasa3.jpg
A portion of the new rift on Petermann Glacier's floating ice shelf is shown near the bottom center. The older rift appears near top center. The shaded feature, near the bottom center, is the "medial flowline."
More
Image: NASA/Kelly Brunt

There may be a savior for the shelf. A "medial flowline" in the ice could have a "stagnating effect" on the newer rift, helping to slow or halt its advance toward the older chasm, scientists with Operation IceBridge said on Facebook.

Stef Lhermitte, a professor at Delft University of Technology in the Netherlands, first alerted the NASA team to the crack's coordinates after spotting it in satellite images, Washington Post reported.

Polar-orbiting satellites showed the chasm for the first time in July 2016, and "it has been growing since then," Lhermitte said on Twitter.

 

While scientists still aren't sure what caused the crack to form, Lhermitte said a possible culprit might be "ocean forcing," a phenomenon that happens when warm ocean waters melt the ice from underneath.

Ocean forcing might have been a culprit in creating cracks in another part of the world. Researchers believe it caused deep subsurface cracks to form in Antarctica's Pine Island Glacier, a recent study found. There a 20-mile-long rift eventually split the ice from the inside out and cleaved off a 225-square-mile iceberg in July 2015.

Many of the glaciers in Greenland and Antarctica that end in floating ice shelves have been shrinking due to warming ocean and air temperatures.nasa4.jpg

Petermann Glacier's east wall near the terminus of the floating ice shelf.
More
Image: NASA/John Sonntag

When ice shelves break off into icebergs it doesn't directly increase sea levels, because the ice is already floating in the ocean, like an ice cube in a glass.

However, because the ice shelves act like doorstops to the land-based ice behind them, if the shelves disappear, the glaciers can start moving into the sea. This would add new water to the ocean and therefore raise sea levels.

In the case of Antarctica's Pine Island Glacier, researchers said that warming waters causing cracks to form beneath "provides another mechanism for rapid retreat of these glaciers, adding to the probability that we may see significant collapse of West Antarctica in our lifetimes."

Greenland, Antarctica, the message is we're all probably doomed.

Source : yahoo.com

 

Categorized in Science & Tech

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media