Researcher says vulnerability in smartwatches may leak your data to hackers even as you are typing
According to security researchers including one of Indian-origin, have warned that smartwatches are as vulnerable to hackers as any other gadget. This means that you are at an increased risk of losing your privacy as like other computer devices, as while wearing a smartwatch, motion sensors on the watch could leak information about what you are typing.
Researchers say smartwatches are susceptible to hackers, who used a homegrown app on a Samsung Gear Live smartwatch that looks at the data coming from the motion sensors, tracking the micromotions of keystrokes. They found that using a “Keystroke Detection” module it’s possible to take a guess at what word is being typed from the movements of the left wrist.
“Sensor data from wearable devices will clearly be a double-edged sword,” said Romit Roy Choudhury, associate professor of electrical and computer engineering at Illinois.
“While the device’s contact to the human body will offer invaluable insights into human health and context, it will also make way for deeper violation into human privacy… The core challenge is in characterising what can or cannot be inferred from sensor data and the MoLe project is one example along this direction,” he said.
His project called Motion Leaks through Smartwatch Sensors (MoLe) has privacy implications. For instance, an app that is disguised as a pedometer could collect data from emails, search queries and other confidential documents, said researchers at the University of Illinois at Urbana-Champaign.
“The core challenge is in characterizing what can or cannot be inferred from sensor data and the MoLe project is one example along this direction,” Choudhary added. This project used a Samsung watch. However, the researchers are of the opinion that any wearable device that uses motion sensors – from Apple Watch to Fitbit – could be susceptible as well.
To track the micro-motion of keystrokes, the app uses an accelerometer and gyroscope to detect what a wearer types on a keyboard. Once the sensor data was collected, the researchers ran it through a “Keystroke Detection” module, which examined the timing of each keystroke and the net 2D displacement of the watch. For example, the left wrist moves farther to type a “T” than an “F.”
While Illinois researchers developed MoLe, it is imaginable that hackers could construct a similar app and put it into iTunes and other libraries. “Here are a lot of good things that smart watches can bring to our lives, but there could be bad things,” noted He Wang, PhD student in electrical and computer engineering at Illinois.
A potential solution to motion leaks would be to reduce the sample rate of the sensors in the watch, says He Wang. For instance, the sample rate is normally around 200 Hertz, which means that the system logs 200 accelerometer and gyroscope readings per second. However, the users’ wrist movements become very hard to track, if that number is reduced to below 15.
The research team still has a long way to go in refining the data-collection process. For example, special characters such as numbers, punctuation and symbols that may appear in passwords cannot be identified by their current system. The “space” bar or key also poses a hindrance. Additionally, the researchers can only gather data from people who have standard typing patterns and from the hand wearing the watch. The team has plans to develop more models to account for typing differences in the future.
The work, funded by the US National Science Foundation, will be presented at the MobiCom 2015 conference in Paris this week.