How you hold your smartphone can 'give away passwords and PINs to hackers'

Even the way you tilt your phone could give away vital clues, the study found. Credit: PA

The way you hold your phone could give away your PIN and passwords to hackers, new research suggests.

Cyber experts at Newcastle University say they have been able to reveal the ease with which malicious websites and apps can spy on users using the motion sensors in smartphones and tablets.

Analysing the movement of a device as the keyboard was used, they were able to crack four-digit PINs with 70% accuracy on the first guess and 100% by the fifth guess.

However, despite the industry being aware of the problem, no solution has been found, partly because there is no uniform way of managing sensors across the industry, the study explained.

Lead author of the study Dr Maryam Mehrnezhad, a research fellow in the School of Computing Science, explained that apps and website do not need to ask users' permission to access sensors, such as GPS, cameras and microphones.

The team identified 25 different sensors which are standard on most smart devices and could be used to give information about the user.

Some malicious apps and websites could still spy on you when the phone is locked, the researchers said. Credit: PA

Dr Mehrnezhad continued that this means malicious programs "can covertly 'listen in' on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords".

The researchers found that each user touch action - clicking, scrolling, holding and tapping - created a unique orientation and motion trace, and if this was done on a known webpage, a hacker would know what the user was clicking on and what they were typing.

If this were to be done on an online banking website then passwords could be cracked.

In the study published on Tuesday in the International Journal of Information Security, the team also found that if one of the malicious apps or websites are open in a tab, and the tab is not closed it can spy on the details you enter.

Dr Mehrnezhad added that even when phones were locked, if the tab remained open it could still "spy" on you.

Next the team will look at the additional risks posed by personal fitness trackers which are linked to online profiles.