

Smartphone PIN revealed by camera and microphone - ollymorgs
http://www.bbc.co.uk/news/technology-24897581

======
wadetandy
It seems to me that if an attacker can get access to your microphone and
camera, you have way bigger problems and they don't need your PIN at all.

~~~
jpindar
So never install any apps that use the camera and microphone? Putting your
finger over the camera when entering a PIN seems more practical.

~~~
wadetandy
But these apps shouldn't be running/accessing those devices when your phone is
locked. If the apps can manage to get around that permissioning issue then
they can control a lot of things directly, most likely, and don't need your
PIN for much.

------
kamjam
_Getting rid of passwords altogether and using fingerprints or face
recognition are offered as more drastic solutions._

Despite all the recent hoo-ha of how the iPhone 5S took mere days to
circumvent the fingerprint reader using some latex and glue.

~~~
trebor
To bypass the iPhone 5S fingerprint scan requires both access to the physical
phone, and a high quality fingerprint. And getting the latter as a very high
DPI scan is no mean feat. And then you need a latex printer with the same 500+
DPI resolution to compromise the device.

Security researchers have yet to comment on whether the iPhone 5S can be remotely
compromised to expose the fingerprint data.

A PIN, using the described method, can be captured by just about any app on
Android with enough permissions to activate the camera. And I've seen quite a
few applications that ask for far more authority than they need. All the
application needs to do is run a service in the background and observe the
motion of the phone.

------
joshbaptiste
Interesting, although on Android I prefer using a pattern PIN anyway.

------
Someone
So, the next step is to use the camera and microphone on your phone to detect
the PIN on the phone that somebody standing next to you uses. With a
directional microphone, a good video camera and some smart gonio to
reconstruct eye position relative to the screen it should be possible to
detect the PIN even if the screen isn't visible in the shot.

------
trebor
I wonder how this would compensate for arbitrary movement of the phone. You
could choose a pattern, or randomly tilt the phone as you press/slide.

I'm pretty sure that if you're hurried and forget, the software could easily
deduce the PIN.

