Researchers from universities in Sweden and the UK have discovered a new method to turn the built-in speaker and the microphone from a smartphone into a crude sonar system that steals unlock patterns from Android Devices. The method was named SonarSnoop as it uses sound waves to track a user’s finger position across the screen.
The technique mainly consists of a malicious app on the device that emits sound waves from the phone’s speakers at inaudible frequencies to the human ear (18kHz – 20 kHz).
The malicious app uses the device’s microphone to pick up the sound waves and bounce to nearby objects which in this case are the user fingerprints. The Machine Learning Algorithms employed in the malicious application determines the possible unlock patterns. A research paper has been published in Lancaster University in the UK and Linköping University in Sweden which detailed the testing of SonarSnoop on a Samsung Galaxy S4 running Android 5.0.1.
