Advertisement

Is your smartwatch exposing your ATM PIN?

New research shows hackers can, in fact, steal your PIN if you’re wearing a smartwatch

A new study has conducted that wearable devices can, in fact, give away your ATM PIN. 

Scientists from Binghamton University and the Stevens Institute of Technology combined data from embedded sensors in wearable technologies with a computer algorithm to crack ATM PINs and passwords with an 80% accuracy on the first try and more than a 90% accuracy after three attempts.

watch-ATM

The team conducted 5,000 key-entry tests on three key-based security systems, including an ATM. The tests all took place over an 11-month period where 20 adults participated wearing a variety of wearable technologies.

So, how was it done? The team recorded information that included fine-grained hand movements from accelerometers, gyroscopes, and magnetometers inside the wearable technologies, regardless of how the user’s hands were positioned. As a result, this data led to distance and direction estimations between consecutive keystrokes. From there, the team’s algorithm was used to break codes accurately without any context clues about the keypad.

“Wearable devices can be exploited,” said Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University. “Attackers can reproduce the trajectories of the user's hand, then recover secret key entries to ATM cash machines, electronic door locks, and keypad-controlled enterprise servers.”

The researchers noted that this is the first technique that can be used to reveal personal PINs by attaining information from wearable devices without needing any precise data. The findings are the first step in understanding security flaws in wearable devices. Although wearables can track health and medical activities, their size and computing power don’t allow for strict security measures, ultimately making the data within them more vulnerable to attack.

While the team did not have a direction solution for its current findings, it did suggest that developers should “inject a certain type of noise to data so it cannot be used to derive fine-grained hand movements, while still being effective for fitness tracking purposes, such as activity recognition or step counts.”

Source: Phys.org

Advertisement



Learn more about Electronic Products Magazine

Leave a Reply