As our everyday activities shift more and more to the virtual realm, both risks and advantages emerge. The advantages are apparent, and, were it not for them, there would be no problem to discuss. Communication, work, running errands of different scale, entertaining yourself, monitoring your health and sports activity, finding your way through unknown territory, making purchases – what can’t you do on your smartphone nowadays? The convenience and time savings are incredible, but there’s always a price tag on everything, and this process is no exception.
What are the threats that a regular user going about his or her regular activities faces? First and foremost, it is the threat of privacy intrusions, which can lead to extremely dire consequences. One of the ways that data can be collected, aside from phishing apps, network sniffing, viral attacks, and many other hacking tools, there are sensor-related threats.
Types of sensors
Modern smartphones are stuffed with all kinds of sensors that are able to read incredible amounts of data related to our body, our phone usage and the environment, making them perfect access points for malicious surveillance and attacks. There are as many as 25 sensors typically installed on a modern smartphone, and their most common types are:
- Proximity (measures the distance of various objects from the touchscreen)
- Light (measures the light level at the location)
- Fingerprint/Touch ID (scans fingerprints)
- Accelerometer (measures the speed and vibration rate)
- Barometer (measures air pressure)
- Gyroscope (assesses device rotation degree and direction)
- Magnetism (evaluates the intensity of the ambient magnetic field)
- Gravity (reports the force of gravity)
The versatility provided by modern devices is amazing, and while we are mostly aware of how our data may be compromised via spying apps, the more recent development in this segment is sensor-based spying. User privacy may soon fall under another wave of new-type attacks. How can sensors give away more information about us than we would suspect?
Let’s take, for example, a set of data that would be extremely useful for potential invaders, namely, the user’s taps on the touchscreen. Seemingly innocent sensor data, such as shifts in the phone movement, easily betrays what they are typing – from passwords to intimate messages to sensitive company correspondence. The sensor-reading spyware is usually self-learning, so it’s only bound to get better at discerning your personal habits and patterns as time goes along.
While this type of malicious threat is not exceptionally widespread just yet, it’s merely a step away. Scientists have already created the apps that were thoroughly tested on volunteers, and which were able to reveal an incredible amount of information about their owners. From 70% of passwords on first guess to as many as 100% on the fifth attempt were cracked during the study conducted at Newcastle University.
Risk awareness and prevention of malicious access
Google has already removed dozens of potentially dangerous apps, which required suspicious amounts of access to sensor data seemingly unrelated to the purpose of the app itself, from its GooglePlay app store. Of course, new ones are bound to appear, and they are likely to get ever more intricate and harder to filter through, so it’s up to the user to pay attention to what is going on inside their device.
Users are generally more aware of the more apparent risks that GPS data and spying through the camera and microphone pose, rather than heeding attention to the silent sensors. However, the silent sensors do not usually require explicit user permission to read the data, unlike camera, GPS and microphone, which makes them even more open for malicious access. Combined with the ever-more increasing computational ability of central processing units, the sensor data will reveal an increasing amount of data that we would most likely want to keep private.
Now that the public is growing more aware of the threat, the next question is – how to avoid subtle spying? Can we prevent the sensors from betraying our private matters to criminals? Well, there’s quite a bit we can do, but these are the same old tips that have been recommended by security experts in the past.
- Do change passwords and PINs on a regular basis
- Uninstall unused apps
- Close all unneeded apps running in the background
- Don’t install applications from outside official app stores
- Examine permission requests from all apps before installation
- Scrutinize the app permissions already in place
- Keep your operating system up to date
- Update installed applications regularly
- Consider using fingerprint authentication whenever possible.