Smartwatches, Wearable Devices Could Give Away Your ATM And Othe Important Codes

Wearable devices like your smartwatches and fitness trackers can be a double edged sword-helping you manage your life, but at the same time, could be giving away your secrets. Namely, your ATM PIN. These devices can track your very minute movements which could give hackers a good idea what your PIN code could be.

Researchers from Birmingham University and the Stevens Institute of Technology said that these devices could crack your code with 80 percent accuracy on the first try and up to 90 percent accuracy on the third using a computer algorithm.

According to Yan Wang, assistant professor at Birmingham University, users have to be careful when accessing codes while using a wearable device. As with any other device, wearables can be exploited by hackers by using the trajectories of your hand movements which can help them track ATM codes, electronic door encryptions and other keypad controlled security devices.

The research was conducted with 20 adults wearing different devices and tested them on 5,000 key-entries on three key-based security systems, including ATM key codes.

The data they gathered was able to record millimeter-level information for fine-grained hand movements using three important pieces of technology in wearables: accelerometers, gyroscopes and magnetometers. They were able to track movements regardless of how the hands are positioned.

The team used a "Backward PIN-sequence Inference Algorithm" to break the code without context clues about the keypad using data gathered from distance and direction estimations between consecutive keystrokes.

"There are two attacking scenarios that are achievable: internal and sniffing attacks," said Wang. "In an internal attack, attackers access embedded sensors in wrist-worn wearable devices through malware. The malware waits until the victim accesses a key-based security system and sends sensor data back."

"Then the attacker can aggregate the sensor data to determine the victim's PIN," Wang added. "An attacker can also place a wireless sniffer close to a key-based security system to eavesdrop sensor data from wearable devices sent via Bluetooth to the victim's associated smartphones."

The problem with these devices is that due to their limited size and computing power, strong security measures could not be installed in them making them vulnerable to attacks.

The only recommendation that the researchers could give would be for developers to insert some noise data in order to block gathering data from fine-grained hand movements without disrupting the fitness tracking function. In addition, better encryption between the wearable device and the host operating system should be done.