Your smartwatch can help hackers steal your ATM PIN

Smartwatches and other assorted wearables have been under the scanner for potential security threats ever since they first hit the scene. A new study conducted by researchers at Stevens Institute of Technology and Binghamton University has uncovered just how serious that threat could be, finding that such devices can give away your PIN number.

Until now, stealing a person’s PIN number would require a thief to install dedicated hardware such as a camera or fake keypad. This is not the case with wearables, since attackers would be able to capture the data at a distance just by installing malware or a wireless sniffer. The team behind this study demonstrated this with the help of an algorithm dubbed Backward PIN-Sequence Inference.

The method takes advantage of the numerous sensors found within most smart devices, like accelerometers, gyroscopes and magnetometers. These sensors are constantly recording an individual’s hand movements, which means hackers can exploit them to figure out the moving distance of their victim’s hand between consecutive key entries.

Getting access to this data essentially allows thieves to reproduce the trajectories of a target’s hand and find out their password. The researchers managed to demonstrate this by using their Backward PIN-Sequence Inference algorithm on 5000 key entry traces sourced from 20 participants for key-based security systems like ATM keypads and standard QWERTY keyboards.

The results of their study are pretty staggering, with an 80% success rate when it came to nailing the password on the first try and a whopping 90% accuracy after 3 tries. The scientists think this is the first time such a technique for stealing PIN numbers using wearable devices has been implemented without the need for contextual information.

Yan Wang, a professor and one of the researchers involved in the study, says that the only way to safeguard yourself is to mask your data by randomly moving your hand between inputs while entering your PIN. On the manufacturer side of things, companies must find ways to better secure data, such as adding noise to the transmitted signal so it can’t be easily translated.

VIA: IEEE Spectrum
SOURCE: Binghamton University