A team of security researchers from the University of Cambridge has revealed that a smartphone can capture its user's PIN (password) through the camera and microphone. The researchers made this known at a program they organized, called “PIN Skimmer”.
The Google Nexus S and Galaxy S3 smartphones were used to carry out this test. At the program, the group revealed how it works: the microphone listens to the clicks you make as you type, and the camera focuses on the direction of your face, looking at the reflections on it. It matches the direction of your face to the digits on your phone to work out which one you are focusing on.
“We demonstrated that the camera, usually used for conferencing or face recognition, can be used maliciously,” say the report’s authors, Prof Ross Anderson and Laurent Simon.
The researchers had about 50% success for a four-digit PIN after about five trials and 60% success for an eight-digit PIN after about 10 trials. This came as a big shock to many people who heard about it.
This raises the question: “Which resources should remain accessible on a phone when someone is entering a sensitive PIN?”
Some suggestions were given on ways of securing your PIN from being accessed through your smartphone's camera and microphone.
One is to use a longer number for your PIN, but this brings a problem of “memorability and usability”.
“Randomising” the position of numbers on the keypad is also suggested, but the researchers believe this would “cripple usability on phones”.
Getting rid of passwords altogether and using fingerprints or face recognition are offered as more drastic solutions.