Wearable devices can give away your passwords, according to new research.
In the paper “Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN” scientists from the Stevens Institute of Technology and Binghamton University combined data from embedded sensors in wearable technologies, such as smartwatches and fitness trackers, along with a computer algorithm to crack private PINs and passwords with 80-percent accuracy on the first try and more than 90-percent accuracy after three tries.
Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University is a co-author of the study along with the lead researcher, his advisor Yingying Chen, from the Stevens Institute of Technology. There are three other students from Stevens Institute of Technology are working on this project together. The group is collaborating on this and other mobile device-related security and privacy projects.
“Wearable devices can be exploited,” said Wang. “Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers.”
“This was surprising, even to those of us already working in this area,” says the lead researcher Chen, a multiple time National Science Foundation (NSF) awardee. “It may be easier than we think for criminals to obtain secret information from our wearables by using the right techniques.
With extensive real experiments, the team was able to record millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand’s pose. Those measurements lead to distance and direction estimations between consecutive keystrokes, which the team’s “Backward PIN-sequence Inference Algorithm” used to break codes with alarming accuracy without context clues about the keypad.
Click here to read more.
SOURCE: Science Daily / Binghamton University
Leave a Reply
You must be logged in to post a comment.