Cambridage - UPI
The security PIN for a smartphone can be revealed by malicious use of its camera and microphone, British researchers are warning. Computer scientists from the University of Cambridge reported they were able to use a program called PIN Skimmer to identify a PIN code entered on a phone's on-screen keypad. The software uses the camera to watch the user's face and listens to clicks through the microphone as the user types a code; the camera estimates the orientation of the phone as the types and "correlates it to the position of the digit tapped by the user" while the microphone is used to detect "touch-events" as a user presses the virtual number keys, they said. "We demonstrated that the camera, usually used for conferencing or face recognition, can be used maliciously," researchers Ross Anderson and Laurent Simon said. "It did surprise us how well it worked," Anderson told the BBC. In tests, four-digit PINs were successfully identified 50 percent of the time after five attempts, the researchers said. Many smartphone owners use a PIN to lock their phone but such codes are increasingly used to access other types of applications on a smartphone, including banking apps. "If you're developing payment apps, you'd better be aware that these risks exist," Anderson warned.