Another day, another new security threat, only this time it comes from the unlikeliest of places. You know that accelerometer thingy in your smartphone – the sensor that makes sure the screen is always the right way up? Well, apparently it’s so incredibly ‘sensitive’ that it could potentially be holding secrets that hackers can exploit to guess your passwords and pin codes.

The new threat was discovered by researchers at Swarthmore College in Pennsylvania, who successfully carried out attacks on smartphones by using data gathered from hacked accelerometers. Dr. Adam J Aviv, who led the research, told the BBC that accelerometers were unique in that they had far more freedom to collect data from phones than most apps are given, and that this data could be used to “guess” what user’s passwords might be.

One of the problems with accelerometers is that they’re always ‘on’, collecting data as the phone is moved from side-to-side, forwards and backwards, flipped upside down and so on. What most people fail to realize however, is that accelerometers can read a great deal more than these basic movements – they can also record more subtle gestures such as when users tap the touchscreen on their smartphones to enter a password, pin number or ‘pattern’ to unlock a device or app.

Dr. Aviv theorized that it might be possible to screen accelerometer data and use this to try and crack users’ passwords. He did so by cross-referencing the data with a larger “dictionary” of taps and swipes that had been previously gathered, before using special software to try and guess which data might relate to passwords. The results are quite alarming, with the software able to identify pins 43% of the time after five guesses, while ‘patterns’ were spotted 73% of the time in the same test.

It should be noted that smartphones are not as weak as all that. The phones used in the initial tests were ‘static’ – they hadn’t moved around much. When the experiment was repeated using smartphones whose owners had been walking around with the devices in their pockets, the accelerometers picked up a lot more ‘noise’ that made it tougher to guess what the pins and patterns might be.

Dr. Aviv’s findings are worrying on a much broader scale though, given that most smartphones contain dozens of sensors that are not subject to the same security measures used to control applications and other functions. Whereas apps need to ask for permission to access or gather data from the phone, sensors will do so automatically, a fact that most users fail to realize.

Indeed, analyzing sensors is but one of the many creative ways in which researchers have attempted to hack smartphones. Others have attempted to gather data using gyroscopes, while one group has even attempted to study the smears on touchscreens to see if this might hold clues about passwords and pins.