Beware: Smartwatches and Fitness Trackers may unwittingly give away your ATM PIN

PUBLISHED BY
Anna Domanska



TAGS:


5 years ago




Smartwatches or fitness trackers can give away your passwords and PIN numbers to hackers, according to scientists, who for the first time combined data from the embedded sensors found in wrist-worn wearables, such as smartwatches and fitness trackers to crack private PINs with up to 90 per cent accuracy.

The researchers from Binghamton University and the Stevens Institute of Technology in the US have developed a proprietary computer algorithm that can guess PINs and passwords with remarkable accuracy based solely on motion data to match them with the layout of typical key entry pads.

smartwatches and fitness trackers

In doing so, they were able to successfully crack private PINs and passwords with 80-percent accuracy on the first try and that figure climbed to more than 90-percent accuracy after three tries.

Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University and a co-author of the study Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN,” said wearables can be can be exploited with the right equipment which allows hackers uncover more or less any secret combination by reproducing the trajectories of what the wearer has manually entered on a keypad to recover the sequence of buttons pressed at an ATM or electronic door lock. Even passwords typed on a keyboard are not considered safe, provided the attackers’ algorithm is advanced enough.

The research team recorded millimetre-level information of hand movements from accelerometers, gyroscopes, and magnetometers inside the wearable technologies to monitor how the wearers wrist moved, whether tapping the pin at a cash point, or entering the Facebook password on the phone. The internally-developed backward PIN-sequence inference algorithm then turns the data into PINs with accuracy without context clues about the keypad.

Though the technique is very advanced, the threat is very real and could compromise the wearer’s security, Wang said.

According to Wang, there are two attacking scenarios that are achievable. The first, called an internal attack that involves malware being installed on the wrist-worn smartwatches or fitness trackers, and then sent back to the hacker to determine a PIN or password. Likewise, the hacker can perform a sniffing attack in which they place a wireless sensor near a key-based security system. The sensor is capable of intruding the data sent through Bluetooth between the user’s wrist wear and a paired smartphone.

The research team conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a range of technologies for over 11 months. The findings are just the first step in understanding security vulnerabilities of wearable devices.

Researchers on the project said they don’t have a solid solution at the moment to prevent the attack but recommended developers to insert noise data which would make it difficult to garner motion data. Another idea, they said would be to enhance encryption to prevent sniffer success.

Or, may be users could just enter PIN and other private data using the other hand.

Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing wide-range of knowledge for Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.

Recent Posts

Elon Musk’s Starlink satellite internet set to cover the globe soon

Elon Musk’s Starlink satellite internet set to cover the globe soon

Starlink, the satellite internet unit of Elon Musk’s SpaceX, will most likely be able to provide global coverage by September, according to the company’s president Gwynne S
16 hours ago
At the next Krispy Kreme IPO, the donut maker aims to raise nearly $4 billion

At the next Krispy Kreme IPO, the donut maker aims to raise nearly $4 billion

Krispy Kreme, the popular donut chain, aims raise roughly $4 billion as it makes one of the biggest IPO debuts at the NYSE.
17 hours ago
Panasonic hopes Blue Yonder acquisition will improve its software woes

Panasonic hopes Blue Yonder acquisition will improve its software woes

Most Japanese major companies, which at one time were leaders in consumer electronics, are struggling to find their feet in a world that has moved to digital software. Electronics
1 day ago
Ikea and Rockefeller Foundations to raise $10 billion for renewable energy projects in poor countries

Ikea and Rockefeller Foundations to raise $10 billion for renewable energy projects in poor countries

The Ikea and Rockefeller foundations are jointly launching a $10 billion fund to promote small-scale renewable power projects in developing nations. Both
3 days ago
EC initiates another probe into Google’s adtech practices

EC initiates another probe into Google’s adtech practices

EU antitrust regulators are planning a formal investigation into Google’s digital advertising practices by the end of this year. Google is already facing unprecedented regulatory
3 days ago
Some Microsoft employees stayed at data centers during Pandemic to keep all systems going

Some Microsoft employees stayed at data centers during Pandemic to keep all systems going

The Covid-19 pandemic ravaging the world for more than a year has forced companies and organizations to find viable solutions to keep the business going. Most found a solution in w
4 days ago