Your smartwatch and fitness trackers may reveal your ATM/credit card PINs
According to researchers, cyber criminals can easily exploit wearable devices such as smartwatch and fitness trackers to steal sensitive information like your ATM/Credit Card PIN or passwords for electronic door locks. This was revealed in a study by researchers from Binghamton University in the US.
The researchers combined data from embedded sensors in wearable technologies such as smartwatches and fitness trackers. The algorithm calledย โBackward PIN-sequence Inference Algorithmโ developed by the research team could crack private PINs and passwords withย 80 percent accuracy on the first try and more than 90 percent accuracy after three efforts.
The team conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a variety of technologies over 11 months. ย They were able to record millimetre-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a handโs pose.
โWearable devices can be exploited. Attackers can reproduce the trajectories of the userโs hand and recover secret key entries to ATM cash machines, electronic door locks, and keypad-controlled enterprise servers,โ said Yan Wang, a member of the research team.
The team used โBackward PIN-sequence Inference Algorithmโ to break codes with alarming accuracy without context clues about the keypad. โThe threat is real, although the approach is sophisticated,โ Wang said in the paper presented at the โ11th ACM on Asia Conference on Computer and Communications Securityโ conference in China recently.
The researchers did not give a solution for the problem but suggest that developers โinject a certain type of noise to data so it cannot be used to derive fine-grained hand movements, while still being effective for fitness tracking purposes such as activity recognition or step countsโ.
Wang co-authored the study along with Chen Wang from the Stevens Institute of Technology in New Jersey.