Hackers could theoretically hijack and use smartphones' cameras and microphones to steal users' bank details, according to researchers from Cambridge University.
Laurent Simon and Ross Anderson claimed it is possible to create malware that uses Android phones' cameras and microphones to harvest numerical PINs in a joint research paper called PIN Skimmer: Inferring PINs Through The Camera and Microphone.
The paper said the malware could be spread on its own or injected into insecure legitimate applications. Once infected, the hijacked apps could theoretically then force the microphone and camera to follow the user's taps on the screen.
"The microphone is used to detect touch events, while the camera is used to estimate the smartphone's orientation and correlate it to the position of the digit tapped by the user," explained the paper. "The mobile application collects touch event orientation patterns and later uses learned patterns to infer PINs."
The paper said the malware could be created to have a learning element that improves the attackers' chances of stealing the PIN the more times it is entered. The theory was tested using the Google Nexus S and Samsung Galaxy S3 smartphones, and the tests yielded a 50 percent success rate when detecting four-digit PINs entered more than five times.
The tactic could theoretically be used by cyber criminals to steal numerical login details for a victim's online bank account, for example. The researchers listed the theoretical attack as proof that application developers and manufacturers need to start taking security more seriously.
Attacks on smartphones are a growing problem facing businesses, especially for users of Google's Android operating system. This is because Google has chosen to leave Android open to developers, letting them tweak it and release applications outside of the official Play Store.
While the strategy boosts innovation, it also leaves it open to abuse, allowing criminals to use it to spread malware via Trojanised apps and other means. Seventy-nine percent of all mobile malware is designed to target Android, according to the most recent figures from the US Department of Defense.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago