Introducing ‘PIN Skimmer’ – or why your smart phone’s password may be vulnerable

Posted: April 28, 2013 in Credit & Debit Card Skimming

“Distrust and caution are the parents of security.”
Benjamin Franklin, 1706

University of Cambridge boffins Laurent Simon and Prof. Ross Anderson have demonstrated a new vulnerability in the security features of certain smart phones. By deploying custom software – dubbed ‘PIN Skimmer’ – the device’s accelerometer and gyroscope channels can be interrogated (potentially by third parties), and in doing so it appears possible to determine probable PIN number entries.

Prof. Anderson tested his theory on the Google Nexus-S and the Galaxy S3 smart phone platforms – this week he released a report claiming actual ‘proof of concept’.

“By recording audio during PIN input, we can detect touch events. By recording video from the front camera during PIN input, we can retrieve the frames that correspond to touch events.”

“Then we extract orientation changes from the touch-event frames, and we show that it is possible to infer which part of the screen is touched by users”, explains Prof Ross Anderson.

In a 2010 survey of mobile customers, 33 percent of smart phone users cited security concerns as a main reason why they avoid using their phones to access financial accounts. (source:

It could be argued that with the advent of ‘PIN Skimmer’ their concerns are not without grounds – because many smart phone users have a PIN code not only to secure their phone, but also to unlock e-payment applications.


11 November 2013
