Beware: Censor the sensors of your smartphone

By Balamurugan Selvaraj Published on Apr 15, 2017 03:44 PM IST

An alert for all smartphone users: While using a smartphone, the most common issue arises will be the permission issues of sensors. Many users grant all permission in the early stage to avoid intervention during apps usage. And in some smartphones, permissions of sensors working is not even asked.

Though you may think what can these sensors do, they are just for apps efficient usage and whether is it a problem to grant all permission?

The answer is yes, it's a problem and even it may lead some financial problem, in case you're an online banker. Recent research on' Stealing pins via Moble sensors' UK researchers Maryam Mehrnezhad, Ehsan Toreini, Siamak F Shahandashti, Feng Hao found that such as GPS, camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer, and NFC are vulnerable to hacking, either through app, lock screen or any malicious website.

It has to be noted that, through sensors-passwords entered on banking website, apps can be looted through malicious Java script file which has the ability to access those sensors and log the usage data. After this, the  Java script will be embedded in a mobile app or it will be hosted through website without user knowledge.

While typing, a malicious website will be running behind the banking app or website. Then this malicious script will continue to access data by monitoring the phone's sensors like angle and motion, passwords and banking pin can be found through probability and a little guess.

As I told earlier, researches guessed 74 per cent of four digit ATM pin in their first try and on the fifth try, they successfully found the 100 per cent accurate ATM pin of the targeted victim with the permission of the user.

Mehrnezhad said, "Despite the very real risks, when we asked people which sensors they were most concerned about we found a direct correlation between perceived risk and understanding. So, people were far more concerned about the camera and GPS than they were about the silent sensors."

"More worrying, on some browsers, we found that if you open a page on your phone or tablet which hosts one of these malicious codes and then open, for example, your online banking account without closing the previous tab, then they can spy on every personal detail you enter," he explained.

Also, to avoid the issues some of the solutions are listed by those researchers.

* Make sure to change PINs and passwords regularly so malicious websites can’t start to recognise the pattern.

* Close background apps while not using them and uninstal unnecessary ones.

* Keep the phone's operating system and apps as updated.

* Instal applications from approved app stores and audit the permissions of the apps in smartphone, scrutinise the permission requested by apps before installation and choose alternatives with more sensible permissions if needed.