Your phone’s lockscreen code can be stolen via its speakers
Smartphone speakers are tinny. They break easily and, to top off our quibbles, they’re now vulnerable to hacking. Researchers at the University of Lancaster successfully conducted a “SonarSnoop” attack, as it’s been dubbed, allowing them to nick a phone’s lockscreen code using the phone’s microphone.
The attack comes as a landmark insight into the vulnerability of smartphone speakers; it’s the first of its kind, demonstrating that this level of infiltration is even possible. That being said, you needn’t deactivate your speakers anytime soon, with experts advising that the average person needn’t worry about being hacked.
READ NEXT: How to protect your phone from hackers
The hack in question reduces the number of unlock patterns potential hackers must try by a considerable 70%, by using the acoustic signature of a device. Acoustic side-channel attacks permit attackers to use secondary information to improve their chances of cracking the code. This provides a much faster route to gleaning a passcode, as hackers aren’t reduced to using brute force to attempt every combination conceivable.
This isn’t the first time that acoustic side-channel attacks have come to the fore in the world of tech security. PCs and a number of internet connected devices have fallen victim to them in the past; researchers have previously been able to work out the contents of a printed piece of paper via an internet-connected printer. There are even more dystopian futuristic examples, too; one team was able to reconstruct a 3D-printed object using the sounds emitted by a 3D printer.
This instance is different, however, as it’s the first time an active acoustic side-channel attack has taken place on a mobile device, as opposed to a passive one. In other words, this time, the device itself is forced to emit particular sounds, helping the hacker crack the passcode.
The device used in Lancaster University’s sonar attack is the Samsung Galaxy S4, a 2013 Android smartphone. It’s not a perfect system, not by a long shot, but it does reduce the number of tries needed to infiltrate a locked phone by 70%. That’s some time-efficient hacking.
That being said, the smartphone industry’s burgeoning use of fingerprint scanning and technologies such as Apple’s Face ID mean the discovery is of waning importance, as zig-zag or alphabetical and numerical passcodes go out the window. Nonetheless, it’s a landmark discovery that serves as an all-too-timely reminder of the precariousness and vulnerability of technological security.