Smartwatches and fitness trackers have become quite popular in the last few months. People are falling more and more in love with these humble devices that do a lot more than just showing the correct time, and are often seen flaunting it. However, what these people don’t know is that their wearable can unknowingly give away their ATM PINs, passwords and more in the hands of cyber criminals.
The threat is real and has been confirmed by a latest study done by scientists from Binghamton University and the Stevens Institute of Technology. Their paper titled Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN, reveals that like every other smart device out there, even smartwaches and fitness trackers data can be snooped into and leveraged for stealing users’ passwords and personal information.
How? There are two possible attacking scenarios explains Yan Wang from Binghamton University, the co-authore of this study. He says, “There are two attacking scenarios that are achievable: internal and snooping. In internal attack, attackers access embedded sensors in wrist-worn wearable devices through malware. The malware waits until the victim accesses a key-based security system and sends sensor data back. Then the attacker can aggregate the sensor data to determine the victim’s PIN. An attacker can also place a wireless sniffer close to a key-based security system to eavesdrop sensor data from wearable devices sent via Bluetooth to the victim’s associated smartphones.”
And how accurate these recordings could turn out to be? Up to millimeter-level information of fine-grained hand movements can be recorded using accelerometers, gyroscopes and magnetometres inside the wearable technologies reveals the study. Wang, along with Xiaonan Guo, Bo Liu, Chen Wang and lead researcher Yingying Chen from the Stevens Institute of Technology conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a variety of technologies over 11 months.
We bet you won’t go out to the ATM wearing your smartwatch or fitness tracker after reading this. Or would you?
(Richa Sharma is associated with TMI as contributory author)