Last year Apple patched iOS after cyber researchers from the UK demonstrated that a malicious webpage could use iPhone sensors to detect a passcode. The technique was so accurate that the team had a 100% success rate at working out 4-digit PINs within five attempts, reports Engadget.
The attack vector was made possible, explained the study’s lead author Dr. Maryam Mehrnezhad, because mobile apps and websites were able to access sensor data without permission …
A neural network was used to identify correlations between motion sensor data and tapped PINs, and a browser JavaScript exploit was used to run the malware.
More worrying, on some browsers, we found that if you open a page on your phone or tablet which hosts one of these malicious codes and then open, for example, your online banking account without closing the previous tab, then they can spy on every personal detail you enter.
The team reports that Apple issued a patch to prevent the unauthorised collection of sensor data after the team presented its findings to the company. The fix was part of iOS 9.3.
Google said that it is aware of the issue, but does not yet have a fix. You can read the paper here.