This article is about an attack devised by security researchers to access motion and orientation sensors using JavaScript code to server malicious code through HTML based iframe tags on legitimate sites. The JavaScript can then accurately infer characters being entered into the devices by listening in through advert banners or open tabs.
The attacks that were demonstrated are most useful at guessing digits in four-digit PINs and have a 74-percent accuracy the first time it’s entered and a 94-percent chance of success by the third try.
The success of these attacks varied by browser. Mozilla and iOS have released update to mitigate these attacks. Google Chrome has not yet released a fix, but has acknowledged the issue publicly.
Leave a Reply
You must be logged in to post a comment.