Hackers Can Get Your PIN and Password Through Wearables
Researchers from Stevens Institute of Technology and Binghamton University have just discovered a major flaw in some wearable devices. It was proven that PINs and passwords are vulnerable to attack from hackers.
In their first attempt of testing, the researchers were able to crack passwords and PINs with 80 percent accuracy and more than 90 percent accuracy after the third test. The procedure was carried out with a nine-axis motion tracking device and two smartwatches.
The team’s research paper further explained:
In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, which enable attackers to reproduce the trajectories of the user’s hand and further to recover the secret key entries.
The research was carried out using the Moto360 and KG W150 smartwatches. It was later realized that the embedded sensors in wearables can be employed to track user’s hand movements during their key entries.
In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user’s hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence.
Many users were concerned about the possible breach of their security after the research was done. This discovery is said to encourage wearable manufacturers to make their devices more secure from hackers by including sound data encryption.
