Hackers and hacks

Hackers can crack PIN codes by using the smartphone’s motion sensors

The researchers from Newcastle University have discovered that hackers can use the smartphone motion sensors to infer security PINs.

A regular smartphone has a lot of sensors, including: GPS, camera, microphone, fingerprint reader, accelerometer, gyroscope, light sensors, magnetometers, barometers, proximity sensors, thermometers and air humidity sensors, so a malicious software or website can collect a lot of personal data by reading the output of these sensors.

In this case, the motion and rotation sensors could be used to reveal touch actions, permitting skilled hackers to bypass PIN security.

The researchers used 10 smartphone users and asked them to enter 50 four-digit PINS five times on each website. In the first attempt, the network guessed 70% of the correct PINS, while in the fifth try they bypassed the PINs with 100% success rate.

The math tells us that there are 10.000 combinations that can be set with four-digit PINs, so there are 2% chances of guessing the PIN from the first attempt.

This being said, a hacker that installed a rogue app on the smartphone or lured the user to an infected website that runs JavaScript malicious code in the tab where the PIN is inserted. Many PIN codes are made of common sequences like 1234, 0000, 1000 or birth dates, so they can be bypassed by guessing.

The way the users holds the phone, scrolls and taps on it generates data that can used to crack PINs.

A security measure would be to add permissions on sensor actions, so that the users can manually deny infected apps or sites to use those sensors. It is a good habit to change the PINs regularly and study application permissions before installations.

For more information, see this post on one of the Sophos websites.

Hackers can crack PIN codes by using the smartphone's motion sensors

Hackers and hacks

Meet the rensenware ransomware – a ransomware that asks the users to play a game to unlock their data

The guys from the Malware Hunter Team have discovered the rensenware ransomware, a different type of malware, one that requires the victims to play a game and get a top score in order to get their files back.

It encrypts the documents, music files, pictures and personal user files but it does not ask the users to pay a bitcoin ransomware. Instead, the virus forces them to play a difficult game. The users have to reach the 0.2 billion score in LUNATIC level of TH12 – Undefined Fantastic Object and this may be a difficult mission for those who do not have gaming capabilities.

After the hacker (Tvple Eraser) created the rensenware ransomware he has also released an apology on Twitter, because he felt bad about it. The hacker has created an decryption tool and removed the rensenWare code from Github, in order to help the victims recover their data without having to win the game.

The hacker’s decrypting tool tricks the game’s memory directly, getting around the malware’s encryption without playing the game.

As a replacement for the initial ransomware, the hacker has uploaded the code without the encrypting part, as a joke.

For more information, see this article from If you want to be in touch with our other ransomware and related articles, follow the ransomware tag.