On Thursday, a group of researchers from Lancaster University posted a paper to arXiv that demonstrates how they used a smartphone’s microphone and speaker system to steal the device’s unlock pattern.
Although the average person doesn’t have to worry about getting hacked this way any time soon, the researchers are the first to demonstrate that this kind of attack is even possible. According to the researchers, their “SonarSnoop” attack decreases the number of unlock patterns an attacker must try by 70 percent and can be performed without the victim ever knowing they’re being hacked.
In the infosec world, a “side-channel attack” is a type of hack that doesn’t exploit weaknesses in the program ultimately being targeted or require direct access to the target information. In the case of SonarSnoop, for example, the information the hacker is looking for is the phone’s unlock password. Instead of brute forcing the password by trying all the possible combinations or looking over the person’s shoulder, SonarSnoop exploits secondary information that will also reveal the password—in this case, the acoustic signature from entering the password on the device.
Acoustic side-channel attacks have been widely demonstrated on PCs and a variety of other internet connected devices. For example, researchers have recovered the data from an air gapped computer by listening to it’s hard drive fan. They’ve also been able to determine the contents printed on a piece of paper by an internet-connected printer and reconstructed a printed 3D object based on the sounds of a 3D printer. In most cases, these are passive side-channel attacks, meaning an attacker is just listening for sounds naturally produced by the devices. This is the first time, however, that researchers have successfully demonstrated an active acoustic side-channel attack on a mobile device, which forces the device itself to emit certain sounds.
There are nearly 400,000 possible unlock patterns on the 3x3 swipe grid on Android phones, but prior research has demonstrated that 20 percent of people use one of 12 common patterns. While testing SonarSnoop, the researchers only focused on these dozen unlock combinations.