Smartwatches can reveal your PINs and passwords, so beware! With all the personal data it collects, your wrist-mounted wearable computer is almost definitely going to betray you at some point, whether that’s a reminder to get up and do another 5,000 steps this afternoon or accidentally giving away your ATM PIN. Did you know that it is simple to determine your PIN or password by reverse-engineering motion sensor data from a smartwatch or fitness tracker?
A team of researchers from Binghamton University and the Stevens Institute of Technology describes a deceptively straightforward method that can reportedly guess your password with about 80 percent accuracy on the first attempt. Although the paper doesn’t name specific devices that are vulnerable, it does note that many record your hand’s movements with enough detail to precisely identify key presses.
The team combined wearable sensor data harvested from more than 5,000 key entry traces made by 20 adults with an algorithm they created to infer key entry sequences by analyzing hand movements. They applied the technique to different types of keypads (including ATM-style and QWERTY keypad variants) using three different wearables (two smartwatches and a nine-axis motion-tracking device). The result? They were able to crack PINs with 80% accuracy on the first attempt, and more than 90% accuracy after three tries.
OMG!!! Below is the description of the work from their research paper:
In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, which enable attackers to reproduce the trajectories of the user’s hand and further to recover the secret key entries. In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user’s hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence.
Professor Yan Wang, one of the researchers, told IEEE that what makes the technique work is the volume of sensors in wearables, which provides sufficient information about hand movements. Simply put, the more the hand moves, the less secure you become. He also said that, to eliminate errors when calculating distance moved based on acceleration, they worked backwards from the final movement in an input sequence, which is likely to be pressing Enter on the keypad, allowing them to translate the rest of the key presses.
As for a solution, the research team suggests that developers obfuscate sensitive data by introducing “a certain type of noise data” that would allow it to still be used for fitness tracking, but not keystroke-guessing. Or, you could always take a low-tech approach and remember to enter your passwords with the hand that is probably not wearing a highly sophisticated motion tracking device. In a security sense, having more noise with your signal can actually be a boon.
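A quick way to evaluate the noise countermeasure, as an added example that is not from the paper or the original article: it double-integrates a constructed accelerometer trace to show how added noise wrecks the key-to-key distance estimate while a smoothed step counter still counts correctly. The sampling rate, 20 mm key spacing, Gaussian noise model, signal shapes and all function names are assumptions chosen for illustration.

```python
import math
import random

RATE_HZ = 100         # assumed wearable sampling rate
DT = 1.0 / RATE_HZ
KEY_PITCH_MM = 20.0   # assumed spacing between adjacent keypad keys

def key_move(duration=0.4):
    """Constructed acceleration (m/s^2) for one hand move of KEY_PITCH_MM."""
    amp = (KEY_PITCH_MM / 1000) * 2 * math.pi / duration ** 2
    n = round(duration * RATE_HZ)
    return [amp * math.sin(2 * math.pi * k / n) for k in range(n + 1)]

def walking(secs=10, hz=2, amp=3.0):
    """Constructed arm-swing acceleration while walking: 20 steps in 10 s."""
    return [-amp * math.sin(2 * math.pi * hz * k * DT) for k in range(secs * RATE_HZ)]

def add_noise(samples, sigma, rng):
    """Mitigation under test (assumed model): zero-mean Gaussian noise."""
    return [s + rng.gauss(0.0, sigma) for s in samples]

def displacement_mm(accel):
    """Double trapezoidal integration: acceleration -> velocity -> distance."""
    vel = pos = 0.0
    for a0, a1 in zip(accel, accel[1:]):
        new_vel = vel + 0.5 * (a0 + a1) * DT
        pos, vel = pos + 0.5 * (vel + new_vel) * DT, new_vel
    return pos * 1000

def count_steps(accel, window=15, level=0.5):
    """Smooth, then count rises above +level that follow a dip below -level."""
    steps, armed = 0, False
    for i in range(window - 1, len(accel)):
        avg = sum(accel[i - window + 1:i + 1]) / window
        if avg < -level:
            armed = True
        elif armed and avg > level:
            steps, armed = steps + 1, False
    return steps

def rms_error_mm(sigma, trials=200, seed=1):
    """RMS distance error over repeated noisy copies of the same key move."""
    rng, clean = random.Random(seed), key_move()
    errs = [displacement_mm(add_noise(clean, sigma, rng)) - KEY_PITCH_MM
            for _ in range(trials)]
    return math.sqrt(sum(e * e for e in errs) / trials)

if __name__ == "__main__":
    noisy = add_noise(walking(), 1.5, random.Random(2))
    print(rms_error_mm(0.0), rms_error_mm(1.5), count_steps(noisy))
```

Gaussian noise is only the simplest stand-in for the “certain type of noise” the researchers mention; a production design would also need to be evaluated against filtering.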