Smartwatches have become an intrinsic part of our day to day lives, but hackers have discovered ways to attack their vulnerabilities. In the latest study, researchers have found that smartwatches can be easily used by cyber criminals to steal ATM PIN or passwords.
Yan Wang from Binghamton University in the US, says,”Wearable devices can be exploited. Attackers can reproduce the trajectories of the user’s hand and recover secret key entries to ATM cash machines, electronic door locks, and keypad-controlled enterprise servers,”
In one of the experiments, researchers consolidated data from implanted sensors in wearables such as fitness trackers and smartwatches, paired them with a computer algorithm for cracking secret PINs and passwords. Surprisingly, they attained 80 percent accuracy on the first attempt and higher than 90 percent accuracy after three trials.
The research was conducted on three key-based security systems, and 5,000 key-entry tests were performed. The trial included an ATM, with 20 adults sporting different wearables over a span of 11 months. In this period, researchers were able to record millimetre-level data of fine-grained hand movements with the help of accelerometers, gyroscopes and magnetometers sensors embedded inside the smartwatches and trackers, notwithstanding the hand’s pose. The measurement of hand movements recorded on the wearable lead to a stable estimation of consecutive keystrokes, which in turn helped team’s “Backward PIN-sequence Inference Algorithm” in breaking secret codes with excellent accuracy without any substantial clue about the keypad.
At the 11th ACM on Asia Conference on Computer and Communications Security, Wang said,”The threat is real, although the approach is sophisticated,”
Can developers fight vulnerabilities in smartwatches?
The study revealed a lot of loopholes in the wearable technologies, which can act as a nightmare for user security. Researchers who conducted the study did not come up with a solution for these vulnerabilities. However, they did suggest to developers,”inject a certain type of noise to data so it cannot be used to derive fine-grained hand movements, while still being effective for fitness tracking purposes such as activity recognition or step counts.”
Well, this study is an alarming bell for smartwatch/fitness tracker users. We suggest users keep their wearables safe. If your wearable ever goes missing, then it would be better to change all your PINs and Passwords, right away. As they say, prevention is better than cure.