Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
Guitar Hero: 4'33"

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


       

Phone vibrates during password entry

To thwart a side-channel attack using the motion sensors
 
(0)
  [vote for,
against]

Recently it was reported a bit that a malicious smartphone app could use the phone's front-facing camera to watch the reflection in your eyeballs of your fingers typing in passwords. It's not news, really, but it was reported. Anyway, that's easy to fix: cover the camera.

A less-known method of stealing a password is to analyze the motion of the phone. Every smartphone has an accelerometer, and many have gyroscopes too nowadays. Typing on the phone's keyboard (whether a physical keyboard or an onscreen one) imparts small motions to the phone, which these sensors can detect. The motions, because they're slightly different for each key/screen location, can then be interpreted into keystrokes by machine learning or other methods. Many apps have motion sensor access, and you're not notified when they're using it in the background, so any of them could steal your passwords without your knowledge. So could the baseband, if it has motion sensor access.

One way to thwart this is to disable the motion sensor access during password entry (or even turn the sensors off in hardware to prevent access by the baseband), but a more fun (and conversation-about-security-starting) way is to run the phone's vibration motor randomly during password entry. You might as well do both, actually, if you can. You should disable/cover the back camera too, because it could also be used to detect the motion (like the visual microphone, but at a much lower frequency).

notexactly, Mar 30 2015


Please log in.
If you're not logged in, you can see what this page looks like, but you will not be able to add anything.



Annotation:







       Randomize the order of the keys on the pin entry screen. Problem solved.
Spacecoyote, Mar 30 2015
  

       // Randomize the order // Oh, but then the'll just use the front facing camera to take a picture screen using the reflection off of your eyeballs. Vibrations might blur the camera image.
scad mientist, Mar 31 2015
  

       Contact lenses with an antireflective coating might help.
21 Quest, Mar 31 2015
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle