3. PINs and passwords can be stolen just by watching the way a phone tilts

PINs and passwords can be stolen just by watching the way a phone tilts

Honestly, I don't think I am. This is a rather new resurgence, but within a short enough time frame, this will be possible with greater accuracy, especially with large enough data samples. Passwords are a repeated pattern, it's not too difficult to look for them. Once then compared to other known user input and sensor data, generating an accurate, or even close estimate, becomes reasonable. Obviously this isn't going to be a widespread exploit tomorrow, but this is the tip of the iceberg. The use of phone sensors to decipher sensitive information will grow substantially.

No, they wouldn't, as I indicated in my initial reply. This is really basic web development here. Mobile web pages are not active when they are not the foreground tab in the foreground app, so unless you're on the actual web page it would not be able to read any data.

Yes, in my contrived scenario, the webpage is on the foreground. You would be logging into a website in which you needed to enter your password. A malicious script could be listening and recording sensor data during this ordeal.

/r/netsec Thread Parent Link - arxiv.org
Previous
Next

Recently removed from /r/netsec

Tracking Anonymized Bluetooth Devices via BLE security flaw PoC || GTFO 0x19 (Github Mirror) /r/netsec's Q1 2019 Information Security Hiring Thread The /r/netsec Monthly Discussion Thread - December 2018 /r/netsec's Q3 2018 Information Security Hiring Thread Simple hack bypasses iOS passcode entry limit, opens door to brute force hacks Google bug bounty for security exploit that influences search results Cybereason RansomFree detects and blocks WannaCry using behavioral based detection (video link, details in comment) Bella: A pure python, post-exploitation, data mining tool and remote administration tool for macOS. 2015 Vice article reveals Spotify allows for brute-force password collection. There is still no login failure/password reset to this day. More details in comments. Cryptkeeper Sets the same password "p" for everything independently of user input /r/netsec's Q1 2017 Information Security Hiring Thread A Formal Security Analysis of the Signal Messaging Protocol [PDF] Warberry Pi- Tactical Exploitation Multiple 7-Zip Vulnerabilities Discovered by Talos

More Random Comments

WIBTA for splitting the will 60% for one child and 20% each for the other two? Thanksgiving depression Brooklyn Bridge BUY/SELL/TRADE Monthly Sticky Official Discussion: The Irishman [SPOILERS] You (probably) do NOT have bipolar disorder. Vologda, city in Russia Time complexity of traversing a 2d array Is intense chemistry rare? Andrew Yang calls MSNBC out over unfair coverage. Facts Only [Weekly Genning Requests Thread] November 24, 2019 [Meta] Black Friday 2019 Discussion Thread AITA for wanting biological children when I risk passing a mental illness onto them? How do I overcome the urge to apologize for my appearance every time I meet someone?