Hidden motion sensors in mobile phones can allow criminals to steal banking details and passwords, new research indicates.
Cyber experts believe hackers can access the information simply from the way a mobile phone tilts while being held.
Researchers at Newcastle University analysed the movement of a device as the keyboard was being used and were able to crack four-digit PINs with 70 per cent accuracy on the first guess and 100 per cent by the fifth guess.
Manufacturers are aware of the problem. However, a solution has not been found, partly because there is no uniform way of managing sensors across the industry.
The team was able to identify 25 different sensors which came as standard on most smart devices and were used to give different information about the device and its user.
They found that each user touch action – clicking, scrolling, holding and tapping – induced a unique orientation and motion trace and so on a known webpage, the team was able to determine what part of the page the user was clicking on and what they were typing.
Dr Maryam Mehrnezhad, who led the research, said: “Most smartphones, tablets and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, rotation sensors and accelerometer.
“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.”
Researchers said they had alerted all the major browser providers such as Google and Apple of the risks but so far no one had been able to come up with an answer.