
Researchers Used Sonar Signal from Smartphone Speaker to Steal Unlock Passwords - dsr12
https://motherboard.vice.com/en_us/article/kzyd4m/researchers-used-sonar-signal-from-a-smartphone-speaker-to-steal-unlock-passwords
======
gnur
> “We expect iPhones are similarly vulnerable, but we only tested our attack
> on Androids,” Peng Cheng, a doctoral student at Lancaster University told me
> in an email.

Well, of course not. First of all, iPhones don't have unlock patterns. Which
greatly diminishes the usefulness of this approach. Also, I don't believe iOS
would allow continuous use of microphone and speaker when the screen is off.
And it is incredibly hard to sideload applications on unsuspecting users.

~~~
jrockway
I make phone calls from time to time with my iPhone. The screen is off but the
microphone and speaker are enabled.

------
ausbah
> There are nearly 400,000 possible unlock patterns on the 3x3 swipe grid on
> Android phones, but prior research has demonstrated that 20 percent of people
> use one of 12 common patterns. While testing SonarSnoop, the researchers only
> focused on these dozen unlock combinations.

It seems to me that the effectiveness of this exploit comes more from the poor
passwords most people use than any truly “earth shattering” security flaw in
the technology.

------
elsombrero
Link to the original paper

[https://arxiv.org/abs/1808.10250](https://arxiv.org/abs/1808.10250)

------
jpalomaki
I wonder if you could use the accelerometers for something similar?

Made some practice runs with my iPhone and at least with this screen size the
phone is moving when I try to mimic the unlock patterns with thumb.

------
teilo
Far easier is to just look at the smudge patterns on the screen.

~~~
have_faith
Or to just record someone putting their code in from afar.

