Hackers could theoretically hijack and use smartphones' cameras and microphones to steal users' bank details, according to researchers from Cambridge University.
In a joint research paper called PIN Skimmer: Inferring PINs Through The Camera and Microphone, Laurent Simon and Ross Anderson claimed it is possible to create malware that uses Android phones' cameras and microphones to harvest numerical PINs.
The paper said the malware could be spread on its own or injected into insecure legitimate applications. Once an app is infected, it could theoretically then force the microphone and camera to follow the user's taps on the screen.
"The microphone is used to detect touch events, while the camera is used to estimate the smartphone's orientation and correlate it to the position of the digit tapped by the user," explained the paper. "The mobile application collects touch event orientation patterns and later uses learned patterns to infer PINs."
The paper said the malware could be created to have a learning element that improves the attackers' chances of stealing the PIN the more times it is entered. The theory was tested using the Google Nexus S and Samsung Galaxy S3 smartphones, and the tests yielded a 50 percent success rate when detecting four-digit PINs entered more than five times.
The tactic could theoretically be used by cyber criminals to steal numerical login details for a victim's online bank account, for example. The researchers listed the theoretical attack as proof that application developers and manufacturers need to start taking security more seriously.
Attacks on smartphones are a growing problem facing businesses, especially for users of Google's Android operating system. This is because Google has chosen to leave Android open to developers, letting them tweak it and release applications outside of the official Play Store.
While the strategy boosts innovation, it also leaves the platform open to abuse, allowing criminals to spread malware via Trojanised apps and other means. Seventy-nine percent of all mobile malware is designed to target Android, according to the most recent figures from the US Department of Defense.