A group of scientists from the University of Lancaster in Britain was able to steal a smartphone's unlock pattern using the phone's own microphone and speaker. The study has been published in an electronic library.
On Android smartphones, three methods are used to authenticate the owner: a fingerprint, a numeric password and an unlock pattern.
There are about 400 thousand ways to connect all the points on the device's screen, and 20% of people use only the twelve most common of them.
The scientists developed a special program, SonarSnoop, which allows its user to determine, almost with certainty, the unlock pattern of another person's device from a distance.
The attack requires the application to be installed on two smartphones. Immediately after installation, SonarSnoop automatically receives permission to control the speaker and microphone and connects the two devices. The program then makes the speaker play sound at a frequency inaudible to humans and analyzes the data from the microphone, which picks up the sound reflected from surrounding objects.
According to its creators, the program can analyze the small changes in the position of the speaker that arise when a person touches the screen with a finger.
From the nature of these oscillations, the position of the finger on the screen and the direction of its movement can be established.
The inferred pattern is displayed on the second device. For the demonstration, the scientists used a Samsung Galaxy S4 smartphone. In testing, the program made it possible to discard 70% of the candidate patterns.
The creators note that iOS devices can also be attacked in a similar way, but their research has so far been conducted only on Android smartphones.
Attacks like SonarSnoop are called side-channel attacks: they exploit not software vulnerabilities but physical defects of the device.
Attacking a device by means of sound is called acoustic cryptanalysis. It has been shown to make it possible to read text printed on a printer or typed on a keyboard, and to analyze a computer's operation from the sound of its fan or the ultrasound produced by its motherboard.
SonarSnoop is the first example of this kind of attack on a mobile device.