h a l f b a k e r y
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
or get an account
Recently it was reported a bit that a malicious smartphone app could use the phone's
front-facing camera to watch the reflection in your eyeballs of your fingers typing in
passwords. It's not news, really, but it was reported. Anyway, that's easy to fix: cover the
A less-known method
of stealing a password is to analyze the motion of the phone. Every
smartphone has an accelerometer, and many have gyroscopes too nowadays. Typing on
the phone's keyboard (whether a physical keyboard or an onscreen one) imparts small
motions to the phone, which these sensors can detect. The motions, because they're
slightly different for each key/screen location, can then be interpreted into keystrokes by
machine learning or other methods. Many apps have motion sensor access, and you're not
notified when they're using it in the background, so any of them could steal your
passwords without your knowledge. So could the baseband, if it has motion sensor access.
One way to thwart this is to disable the motion sensor access during password entry (or
even turn the sensors off in hardware to prevent access by the baseband), but a more fun (and
conversation-about-security-starting) way is to run the phone's vibration motor randomly
during password entry. You might as well do both, actually, if you can. You should
disable/cover the back camera too, because it could also be used to detect the motion
(like the visual microphone, but at a much lower frequency).
||Randomize the order of the keys on the pin entry screen.
||// Randomize the order // Oh, but then the'll just
use the front facing camera to take a picture screen
using the reflection off of your eyeballs. Vibrations
might blur the camera image.
||Contact lenses with an antireflective coating might