
Wearable Devices May Be Revealing Your ATM PIN

15 July 2016

According to new research conducted by scientists at the Stevens Institute of Technology and Binghamton University, wearable devices are capable of giving away your passwords.

(Image Credit: American Express)

The researchers combined data from embedded sensors in wearable technologies, such as smartwatches and fitness trackers, with a computer algorithm to crack private PINs and passwords, with 80% accuracy on the first try and more than 90% accuracy after three tries.

"Wearable devices can be exploited," said Yan Wang, assistant professor of computer science at Binghamton University. "Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers."

After conducting multiple experiments, the team was able to record millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of hand position. Those measurements lead to distance and direction estimations between consecutive keystrokes, which the team’s "Backward PIN-sequence Inference Algorithm" used to break codes with great accuracy.

According to the team, this is the first technique that reveals personal PINs by exploiting information from wearable devices without the need for contextual information.

"This was surprising, even to those of us already working in this area," said Yingying Chen, lead researcher. "It may be easier than we think for criminals to obtain secret information from our wearables by using the right techniques."

These findings are just the beginning when it comes to understanding security vulnerabilities of wearable devices. The size and computing power of wearable devices may not allow them to come equipped with significant security measures, which makes the data within them more vulnerable to attack.

Currently, the team is working on countermeasures for their newly discovered problem. An initial approach it has come up with is "injecting a certain type of noise to data so it cannot be used to derive fine-grained hand movements, while still being effective for fitness tracking purposes such as activity recognition or step counts."
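The trade-off behind that noise-injection idea can be checked on synthetic data. The sketch below is an added example, not the researchers' code: the Gaussian noise model, 100 Hz sample rate, signal shapes, thresholds and all function names are assumptions. It compares a coarse feature (step count) with a fine-grained one (distance from double-integrated acceleration) before and after noise is added.

```python
import math
import random
FS = 100          # assumed sensor sample rate (Hz)
DT = 1.0 / FS

def walking_trace(seconds=10, cadence_hz=2.0, amp=3.0):
    """Constructed vertical acceleration (m/s^2, gravity removed) for steady walking."""
    return [amp * math.sin(2 * math.pi * cadence_hz * k * DT) for k in range(seconds * FS)]

def keystroke_move(distance=0.03, duration=0.4):
    """Constructed hand movement: one sine-shaped acceleration pulse covering `distance` m."""
    n = round(duration * FS)
    amp = distance * 2 * math.pi / duration ** 2
    return [amp * math.sin(2 * math.pi * k / n) for k in range(n)]

def add_noise(samples, sigma, rng):
    """Zero-mean Gaussian noise per sample; the noise type is an assumption of this sketch."""
    return [a + rng.gauss(0.0, sigma) for a in samples]

def count_steps(samples, window=10, hi=1.0, lo=-1.0):
    """Coarse feature: moving average plus hysteresis, one step per upward crossing of `hi`."""
    steps, armed = 0, True
    for k in range(window - 1, len(samples)):
        avg = sum(samples[k - window + 1:k + 1]) / window
        if armed and avg > hi:
            steps, armed = steps + 1, False
        elif not armed and avg < lo:
            armed = True
    return steps

def displacement(samples):
    """Fine-grained feature: double integration of acceleration into distance moved (m)."""
    v = x = 0.0
    for a in samples:
        v += a * DT
        x += v * DT
    return x

def rms_displacement_error(sigma, trials=300, seed=1):
    """RMS error (m) that the noise adds to the distance estimate of one hand movement."""
    clean, rng = keystroke_move(), random.Random(seed)
    true_x = displacement(clean)
    sq = [(displacement(add_noise(clean, sigma, rng)) - true_x) ** 2 for _ in range(trials)]
    return math.sqrt(sum(sq) / trials)

if __name__ == "__main__":
    for sigma in (0.0, 0.5):
        steps = count_steps(add_noise(walking_trace(), sigma, random.Random(7)))
        print(f"sigma={sigma}: steps={steps}, distance RMS error={rms_displacement_error(sigma) * 1000:.1f} mm")
```

On these constructed signals the step count is unchanged by the noise, while the error on a 3 cm movement estimate grows to several millimetres, which is the resolution the attack described above relies on.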

Another protective measure could include better encryption between the wearable device and the host operating system.
