
Hackers Can Steal PIN Codes from Wearables

Your wearable device is tracking your hand movements, which is great if you want to know how many calories you’ve burned, but terrible if you don’t want hackers to know how to get into your bank account. Researchers from Binghamton University have demonstrated that algorithms can use the data from embedded sensors in smartwatches and fitness trackers to easily and accurately identify a user’s personal PIN code. Researcher Yan Wang warns:

There are two attacking scenarios that are achievable: internal and sniffing attacks. In an internal attack, attackers access embedded sensors in wrist-worn wearable devices through malware. The malware waits until the victim accesses a key-based security system and sends sensor data back. Then the attacker can aggregate the sensor data to determine the victim’s PIN. An attacker can also place a wireless sniffer close to a key-based security system to eavesdrop sensor data from wearable devices sent via Bluetooth to the victim’s associated smartphones.

The accelerometers, gyroscopes, and magnetometers inside wearables detect hand movement, such as the exact motion you make when entering your PIN to access your bank account at an ATM. The researchers conducted 5,000 key entry tests and found that the devices tracked movements within a millimeter, which is certainly precise enough to determine which buttons were pressed. The team then used a “Backward PIN-sequence Inference Algorithm” to break the codes with incredible accuracy. They identified the correct PIN 80 percent of the time on the very first try, and 90 percent of the time on the second try.

The team suggests that we need better encryption for wearables, and recommends that developers should “inject a certain type of noise to data so it cannot be used to derive fine-grained hand movements, while still being effective for fitness tracking purposes such as activity recognition or step counts.”
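
The noise-injection trade-off recommended above, as an added illustration that is not code from the Binghamton researchers: it compares how injected noise affects a step counter versus the hand displacement recovered from the same sensor. The 100 Hz sample rate, zero-mean Gaussian noise, the constructed walking and 2 cm key-to-key signals, the double-integration reconstruction and the threshold step counter are all assumptions.

```python
import math, random
FS = 100           # assumed accelerometer sample rate, Hz
DT = 1.0 / FS

def walking(seconds=10, cadence_hz=2.0, amp=4.0):
    """Constructed arm-swing acceleration (m/s^2), one cycle per step."""
    return [amp * math.sin(2 * math.pi * cadence_hz * i * DT) for i in range(round(seconds * FS))]

def key_move(distance=0.02, duration=0.4):
    """Constructed acceleration for a 2 cm hand move between two keys."""
    n = round(duration * FS)
    peak = 2 * math.pi * distance / duration ** 2
    return [peak * math.sin(2 * math.pi * i / n) for i in range(n)]

def add_noise(samples, sigma, rng):  # zero-mean Gaussian noise (assumed type)
    return [s + rng.gauss(0.0, sigma) for s in samples]

def displacement(accel):
    """Distance recovered by double-integrating acceleration (assumed method)."""
    v = x = 0.0
    for a in accel:
        v += a * DT
        x += v * DT
    return x

def count_steps(accel, window=25, hi=1.0, lo=-1.0):
    """Moving average, then count upward swings using hysteresis."""
    steps, armed = 0, True
    for i in range(window, len(accel) + 1):
        m = sum(accel[i - window:i]) / window
        if armed and m > hi:
            steps, armed = steps + 1, False
        elif not armed and m < lo:
            armed = True
    return steps

def noisy_steps(sigma, seed=7):
    return count_steps(add_noise(walking(), sigma, random.Random(seed)))

def rms_error(sigma, trials=200, seed=1):
    """RMS error (m) of the recovered key-to-key distance under noise."""
    rng, clean = random.Random(seed), key_move()
    errs = [displacement(add_noise(clean, sigma, rng)) - displacement(clean)
            for _ in range(trials)]
    return math.sqrt(sum(e * e for e in errs) / trials)

if __name__ == "__main__":
    for sigma in (0.0, 2.0):  # prints sigma, step count, key-move RMS error in mm
        print(sigma, noisy_steps(sigma), round(rms_error(sigma) * 1000, 1))
```

On these constructed signals the step count stays at or near 20 with noise added, while the error in the recovered key-to-key distance grows past a centimeter. Real sensors and noise designs would need to be evaluated on recorded data.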


Source: Binghamton University
