Modern smartphones offer the user a lot of opportunities, but also expose personal data like passwords and credit card numbers at risk of being stolen. Of course, there are many options to protect your device from antivirus programs to embedded systems passwords. And, as it turned out, quite easy to crack using regular speaker and microphone.
Outset that in this case we are talking about devices running the Android operating system. Built-in password protection feature or pattern (when you need to spend points in a particular sequence) has several hundred thousand variants of this pattern, however, according to studies, about 20% of users use 1 of the 12 most common ways to “connect the dots”.
The 12 most common types of passwords
But it will, in fact, not all about them. Using data on the most widely used variations, a group of researchers created a program called SonarSnoop. At its core it just went to data input methods, and more specifically, about how sound is reflected from the finger of the user during password entry. The principle of the application is extremely simple: after installation, the program gets right to the speaker control and microphone. Then the speaker starts to constantly lose the sound set at a frequency that is not able to capture the human organ of hearing. But it is able to capture the device’s microphone.
The algorithm of the application “hears” even the slightest distortion to the sound, enveloping the fingers of the person entering the password and recognize the sounds even if you change the position of objects around the speaker. Thanks to the received data it is possible very accurately to build the direction of movement of the finger on the screen. The digital input ordinary password to recognize, even easier than the one you want to “draw”. To test the functionality of its technology, the developers used a Samsung Galaxy S4. The algorithm, though not immediately allowed to hack the device, but it helped to narrow it down to 3 keys out of 12. In other words, he was able to discard about 75% of wrong answers.
The developers do not exclude the possibility of using the same vulnerability and Apple smartphones, but the test was not conducted. The danger of this method lies in the fact that it uses the built-in device functions and programs of this kind do not contain malicious code, so they are very difficult to calculate.
How do you feel about privacy? Use 1 of the 12 most common passwords? Tell us about it in our telegram chat.
Hack the phone using speaker and microphone? Easy!
Vladimir Kuznetsov