EXECUTIVE SUMMARY:

A recent study by researchers at Cambridge University and Linkoping University indicates that hackers may be able to filch your passwords by listening to you tapping on your phone. As you enter account numbers and passwords, a phone’s built in microphone records the sounds of your fingers hitting the screen, “pick[ing] up the wave’s distortions that are characteristic to the tap’s location on the screen,” enabling a listener to infer the number or letter sequences that make up your passwords, your bank account number and more.

The researchers’ experiment involved handing 45 people cell phones loaded with malware. Participants were diverted to three different locations within the university’s campus, each with a different degree of background noise; a common room containing a functioning coffee machine, a reading room with computers, and a library.

Validating the researchers’ hypotheses, the tests “…showed that the attack can successfully recover PIN codes, individual letters and whole words”

Theoretically, a hacker could embed the attack in an app that could sneakily access the microphone within a phone. “Many apps ask for this permission and most of us blindly accept the list of demanded permissions anyway,” the researchers stated.

In order to prevent this type of password theft, researchers suggest that manufacturers install switches in phones so that people can switch off the mic. Alternatively, manufacturers could add in a green or white light that would indicate whether or not the mic was being used.

Read about the best way to protect your mobile device.