Beware: Smartwatches and Fitness Trackers may unwittingly give away your ATM PIN

PUBLISHED BY
Anna Domanska



TAGS:


5 years ago




Smartwatches or fitness trackers can give away your passwords and PIN numbers to hackers, according to scientists, who for the first time combined data from the embedded sensors found in wrist-worn wearables, such as smartwatches and fitness trackers to crack private PINs with up to 90 per cent accuracy.

The researchers from Binghamton University and the Stevens Institute of Technology in the US have developed a proprietary computer algorithm that can guess PINs and passwords with remarkable accuracy based solely on motion data to match them with the layout of typical key entry pads.

smartwatches and fitness trackers

In doing so, they were able to successfully crack private PINs and passwords with 80-percent accuracy on the first try and that figure climbed to more than 90-percent accuracy after three tries.

Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University and a co-author of the study Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN,” said wearables can be can be exploited with the right equipment which allows hackers uncover more or less any secret combination by reproducing the trajectories of what the wearer has manually entered on a keypad to recover the sequence of buttons pressed at an ATM or electronic door lock. Even passwords typed on a keyboard are not considered safe, provided the attackers’ algorithm is advanced enough.

The research team recorded millimetre-level information of hand movements from accelerometers, gyroscopes, and magnetometers inside the wearable technologies to monitor how the wearers wrist moved, whether tapping the pin at a cash point, or entering the Facebook password on the phone. The internally-developed backward PIN-sequence inference algorithm then turns the data into PINs with accuracy without context clues about the keypad.

Though the technique is very advanced, the threat is very real and could compromise the wearer’s security, Wang said.

According to Wang, there are two attacking scenarios that are achievable. The first, called an internal attack that involves malware being installed on the wrist-worn smartwatches or fitness trackers, and then sent back to the hacker to determine a PIN or password. Likewise, the hacker can perform a sniffing attack in which they place a wireless sensor near a key-based security system. The sensor is capable of intruding the data sent through Bluetooth between the user’s wrist wear and a paired smartphone.

The research team conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a range of technologies for over 11 months. The findings are just the first step in understanding security vulnerabilities of wearable devices.

Researchers on the project said they don’t have a solid solution at the moment to prevent the attack but recommended developers to insert noise data which would make it difficult to garner motion data. Another idea, they said would be to enhance encryption to prevent sniffer success.

Or, may be users could just enter PIN and other private data using the other hand.

Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing wide-range of knowledge for Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.

Recent Posts

Evergrande: A black swan event that could spook markets

Evergrande: A black swan event that could spook markets

EverGrande is now known as the “world’s most indebted property developer” and serves as a symbol of corporate excess.
3 hours ago
Moderna vaccine more effective than Pfizer, study says

Moderna vaccine more effective than Pfizer, study says

Moderna’s Covid-19 vaccine does a slightly better job of preventing coronavirus-related hospitalizations and emergency department visits.
2 days ago
iPhone 13 and iPhone 13 Pro: Specifications, Release Date, Features and much more

iPhone 13 and iPhone 13 Pro: Specifications, Release Date, Features and much more

Apple iPhone 13 Pro and iPhone 13 Pro Max can be a hit with its ever new technology A15 Bionic chip and other cool profound features.
3 days ago
Total signs $27 billion energy deal to fund 1-gigawatt solar power plant

Total signs $27 billion energy deal to fund 1-gigawatt solar power plant

The French oil major, Total, has signed a $27 billion deal to fund a 1-gigawatt solar power plant, and boost oil and gas production in the Middle-East region.
3 days ago
PMI seals $1.51 billion takeover of British inhalation specialist Vectura

PMI seals $1.51 billion takeover of British inhalation specialist Vectura

Philip Morris International (PMI) acquires a 22.6% stake in British inhalation specialist Vecutra closing in on the controversial $1.51 billion takeover.
4 days ago
Apple co-founder Steve Wozniak joins the space race

Apple co-founder Steve Wozniak joins the space race

Wozniak, popularly known as “Woz”, is setting up a private space company with Ripcord co-founder Alex Fielding. In a tweet, Wozniak shared a promotional video for the company c
5 days ago