Researchers stole password data using sonar
Researchers at Lancaster University posted a paper that demonstrated how they were able to steal a device’s unlock pattern by using the smartphone’s microphone and speaker system.
They were the first to demonstrate that an attack of this kind was even possible.
According to the researchers, their “SonarSnoop” attack worked by decreasing the number of unlock patterns an attacker must try by 70%. The attack can be carried out without the victim even knowing that they’re being hacked.
As this type of hack doesn’t exploit weaknesses in a targeted program, or require direct access to the target information, it is considered a “side-channel attack.”
While acoustic side-channel attacks have been demonstrated on PCs and on a variety of other internet-connected devices, this is the first time that researchers have successfully demonstrated an active acoustic side-channel attack on a mobile device.
As usual, the attack begins when a user unwittingly installs a malicious application onto their phone. Once the user downloads the infected app, the phone begins broadcasting a sound signal that is just above the human range of hearing.
The sound signal reflects off of the objects around the phone and creates an echo. The echo is then recorded by the phone’s microphone.
The researchers were able to calculate the time between the emission of the sound and the return of its echo to the source, making it possible to determine the location of an object in a given space. They could also tell whether an object is moving. This technique is known as sonar.
By leveraging this phenomenon, the researchers were able to track the movement of the user’s finger across the smartphone.
Although the SonarSnoop attack isn’t capable of telling exactly which pattern the user used in order to unlock the smartphone, it reduces the number of patterns that an attacker would have to try by up to 70 percent.
By reducing the amount of time between sonar pulses and exploring different signal analysis strategies, researchers believe that it may be possible to improve upon that number.
This type of attack is not known to have ever existed outside of the research lab, but it’s great to see researchers experimenting with ways to hack into our devices before the bad guys do.
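One way a defender could check a microphone recording for the kind of inaudible probe signal described above, shown as an added example that is not from this article or the researchers' paper. The 18 to 20 kHz band, the 48 kHz sample rate, the power threshold and the sample audio are all assumptions constructed for illustration.

```python
import math
import random

RATE = 48_000                            # Hz, assumed capture rate
FRAME = 960                              # 20 ms frames -> 50 Hz bin spacing
PROBE_BAND = range(18_000, 20_001, 50)   # assumed "just above hearing" band
THRESHOLD = 1e-5                         # assumed power floor (full scale = 1.0)

def goertzel_power(frame, freq):
    """Normalised power of `frame` at `freq` Hz (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(frame) ** 2

def ultrasonic_frame_ratio(samples):
    """Fraction of 20 ms frames with energy above THRESHOLD in PROBE_BAND."""
    frames = [samples[i:i + FRAME]
              for i in range(0, len(samples) - FRAME + 1, FRAME)]
    hits = sum(
        1 for f in frames
        if max(goertzel_power(f, hz) for hz in PROBE_BAND) > THRESHOLD
    )
    return hits / len(frames)

def constructed_recording(with_probe, frames=10, seed=7):
    """Constructed sample: 440 Hz tone plus noise, optionally 19 kHz pulses."""
    rng = random.Random(seed)
    out = []
    for n in range(frames * FRAME):
        t = n / RATE
        x = 0.3 * math.sin(2 * math.pi * 440 * t) + rng.uniform(-0.01, 0.01)
        # Probe tone is on during every other frame, like a pulsed emitter.
        if with_probe and (n // FRAME) % 2 == 0:
            x += 0.05 * math.sin(2 * math.pi * 19_000 * t)
        out.append(x)
    return out

if __name__ == "__main__":
    for label, flag in (("clean", False), ("probed", True)):
        ratio = ultrasonic_frame_ratio(constructed_recording(flag))
        print(f"{label}: {ratio:.0%} of frames carry near-ultrasonic energy")
```

A regular on/off pattern of flagged frames while no app should be playing audio is the signal worth investigating; ordinary speech and room noise in the constructed clean sample stay well below the threshold.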
As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648