About the talk

A range of zero-permission sensors is found in modern smartphones to enhance user experience. These sensors can lead to unintentional leakage of user private data. We combine leakage from a pool of zero-permission sensors, to reconstruct user’s secret PIN. By harvesting the power of machine learning algorithms, we show a practical attack on the full four-digit PIN space. 

Presentation from the talk
Loader Loading...
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab


Able to classify all 10,000 PIN combinations, results show up to 83.7% success within 20 tries in a single user setting. Firstly, we show that by training on several users, the PIN recovery success can be boosted, when a target user is part of the training pool. On the other hand, PIN recovery is still possible when training pool is mutually exclusive to the target user, albeit with a low success rate.

David Berend

David Berend

Technology Consultant

David Berend had been in the PACE research group, Temasek Labs at the Nanyang Technological University, Singapore in 2017. His primary focus was to explore the implications of machine learning for side channel attacks when applied to untraditional data sources such as motion and health sensors. The exploit was then applied for user PIN recovery. The work was highly covered by international media. Currently, David is working as a technology consultant, while continuing to explore further implications of artificial intelligence in the security and economic environment.