SonarSnoop attack could allow attackers to steal smartphones’ unlock patterns

• A smartphone’s built-in speaker and microphone could be turned into a crude sonar system, allowing attackers to steal a victim’s phone unlock pattern.
• The attack technique relies on the basic echo principle of sonar systems.

Academic researchers from Lancaster and Linkoping University have come up with a new attack technique that could provide cybercriminals the ability to steal sensitive information, such as touchscreen interactions. Dubbed ‘SonarSnoop’, the technique shows how a smartphone’s built-in speaker and microphone could be turned into a crude sonar system, which in turn could allow attackers to steal a victim’s phone unlock pattern.

Researchers demonstrated the experiment by using the basic echo principle of a sonar on Android phones. The framework relies on the phone’s speaker issueing sound waves and its microphone catching the reflections. These sound waves are generated at frequencies - 18 KHz to 20 KHz - inaudible to the human ear.

Depending on the position of the speakers and microphones, a machine learning algorithm is created to read the collected data and determine the unlock pattern.

"The received signals are represented by a so-called echo profile matrix which visualizes this shift and allows us to observe movement. Combining observed movement from multiple microphones allows us to estimate strokes and inflections," the researchers explained.

The research team used 12 unlock patterns in their experiment, with 15 unique strokes and managed to get accuracy for only 3.6 patterns. However, the study showed an accuracy of capturing phone unlock patterns of up to 70%.

Infancy

Although SonarSnoop is still in its initial stage, its accuracy is expected to improve.

"For convenience and simplicity, we do not implement the system to cope with different users interaction speeds. We use a fixed column width of the echo profile matrix to determine if there is movement," the paper explains.

SonarSnoop attack experiment can open the door to a number of new attack scenarios. Cybercriminals can use the attack technique by combining different components such as sensors and cameras. It can also be used to add malicious code to an app by gaining permission to access the microphone. The technique could also allow attackers to exfiltrate data (such as passwords, messages) from a targeted phone.