Hackers Can Steal Your Passwords Just by Monitoring SmartPhone Sensors
Your Phone doesn't Restrict Apps from Accessing Sensors' Data
Your smartphone apps usually ask your permissions to grant them access to sensors like GPS, camera, and microphone.
But due to the boom in mobile gaming and health and fitness apps over the last few years, the mobile operating systems do not restrict installed apps from accessing data from the plethora of motion sensors like accelerometer, gyroscope, NFC, motion and proximity.
Any malicious app can then use these data for nefarious purposes. The same is also true for malformed websites.
"Most smartphones, tablets and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera, and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer," Dr. Maryam Mehrnezhad, the paper's lead researcher, said describing the research.
"But because mobile apps and websites don't need to ask permission to access most of them, malicious programs can covertly 'listen in' on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords."
Ref : http://thehackernews.com/2017/04/phone-sensor-password-hacking.html
The problem with the article is that it doesn't take into account the fact that Android users have had control of sensor access since 6.0 Marshmallow. This information is really more applicable to iPhone users. For those of us that actually know how to modify our phones bootloader, gain root access, and enable developer options we have had this capability for quite some time. Good to spread awareness tho.