Skip to main content

New programme can identify user’s PIN through microphone and camera

The PIN for smartphones using number-only soft keypads can be identified by a new program that uses the device's microphone and camera to ascertain the code, according to researchers from the UK.

The warning has come from a group of scientists from the University of Cambridge, who claim to have identified users' PINs through a programme called PIN Skimmer.

For four-digit PINs on the Google Nexus S and the Samsung Galaxy S3 smartphones, results showed that the programme was able to correctly work out the number more than 50 per cent of the time after five attempts.

PIN Skimmer works by monitoring the user's eye movements when entering a PIN, and listening to the clicking sound as the numbers are entered in order to detect "touch events".

The report's authors, Professor Ross Anderson and Laurent Simon, told the BBC: "We demonstrated that the camera, usually used for conferencing or face recognition, can be used maliciously.

"We watch how your face appears to move as you jiggle your phone by typing. It did surprise us how well it worked."

One way to avoid your PIN number being detected would be to make the number longer, though Professor Anderson warns that this presents problems of remembering the number for the user. Randomising the numbers on a keypad might also work, though this would cause obvious usability difficulties.

A clear solution to this problem would be the use of biometrics to identify users. According to recent research the market for mobile biometric security products and services is expected to grow significantly over the next five years, generating £5 billion revenue by 2018.