Cheng et al

Academics from universities in Sweden and the UK have come up with a new technique that turns a smartphone’s built-in speaker and microphone into a crude sonar system to steal phone unlock patterns from Android devices.

The general idea behind this technique, named SonarSnoop, is to use sound waves to track a user’s finger position across a screen.

The technique consists of using a malicious app on the device to emit sound waves from the phone’s speakers at frequencies inaudible to the human ear, between 18 kHz and 20 kHz.


Just like in the case of a submarine’s sonar, the malicious app uses the device’s microphones to pick up the sound waves bouncing back off nearby objects, which in this case are the user’s fingers.
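A defender-side check for the 18 kHz to 20 kHz emissions described above, as an added example that is not from the article or the research paper: it uses the Goertzel algorithm to measure how much of each audio frame's energy sits in that band and flags a capture where the band stays active. The 48 kHz capture rate, the thresholds and the sine-tone sample signals are assumptions constructed for illustration.

```python
import math

SAMPLE_RATE = 48_000      # Hz; assumed capture rate (Nyquist 24 kHz covers the band)
BAND = (18_000, 20_000)   # Hz; emission band reported in the article
FRAME = 480               # samples per 10 ms frame -> 100 Hz bin spacing

def goertzel_bin_power(frame, k):
    """Squared magnitude of DFT bin k, normalised by len(frame)**2."""
    n = len(frame)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)

def band_fraction(frame):
    """Fraction (0.0 to 1.0) of the frame's energy that lies inside BAND."""
    total = sum(x * x for x in frame) / len(frame)
    if total < 1e-12:     # silent frame: nothing to measure
        return 0.0
    lo = math.ceil(BAND[0] * len(frame) / SAMPLE_RATE)
    hi = math.floor(BAND[1] * len(frame) / SAMPLE_RATE)
    in_band = sum(goertzel_bin_power(frame, k) for k in range(lo, hi + 1))
    return min(1.0, 2.0 * in_band / total)   # x2: real signals mirror each bin

def near_ultrasound_active(samples, threshold=0.05, min_share=0.8):
    """True when at least min_share of frames exceed threshold energy in BAND."""
    frames = [samples[i:i + FRAME] for i in range(0, len(samples) - FRAME + 1, FRAME)]
    if not frames:
        return False
    hits = sum(band_fraction(f) > threshold for f in frames)
    return hits / len(frames) >= min_share

def tone_mix(parts, seconds=0.2):
    """Constructed test signal: sum of (freq_hz, amplitude) sine tones."""
    n = int(seconds * SAMPLE_RATE)
    return [sum(a * math.sin(2 * math.pi * f * t / SAMPLE_RATE) for f, a in parts)
            for t in range(n)]

AMBIENT = tone_mix([(300, 0.5), (1000, 0.3)])                   # audible only
WITH_PROBE = tone_mix([(300, 0.5), (1000, 0.3), (19000, 0.2)])  # plus 19 kHz tone

if __name__ == "__main__":
    print("ambient flagged:", near_ultrasound_active(AMBIENT))
    print("with 19 kHz tone flagged:", near_ultrasound_active(WITH_PROBE))
```

A sustained, narrow share of energy between 18 kHz and 20 kHz is unusual for ordinary room audio, which is why the check requires the band to stay active across most frames rather than in a single one.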

Depending on the placement of speakers and microphones on a device’s case, machine learning algorithms can be built to read the collected data and determine possible unlock patterns.

In a research paper published last week, academics from Lancaster University in the UK and Linköping University in Sweden detail tests of SonarSnoop on a Samsung Galaxy S4 smartphone running Android 5.0.1.

The research team says it was able to reduce the number of possible unlock patterns by 70% using data obtained with SonarSnoop.

In its current form, SonarSnoop does not yield results as you might see in the hacking scene of Hollywood movies and does…