Kumari Palany & Co

Wearable technology can give away your passwords, says new research

Posted on: 08/Jul/2016 5:32:18 PM
Scientists from the Binghamton University and the Stevens Institute of Technology in the US has said that wearable devices can give away your passwords. The researchers used data from sensors in smartwatches and fitness trackers to crack private PINs with up to 90 per cent accuracy. They used  computer algorithm could crack passwords with 80 per cent accuracy on the first try and more than 90 per cent accuracy after three tries.

Speaking about this, the researchers said, Wearable devices can be exploited. Attackers can reproduce the trajectories of the user`s hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers.

5000 key entry tests were conducted three key-based security systems. These systems included an ATM. The tests were conducted on 20 adults wearing a variety of technologies over 11 months. They could record millimetre-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand`s pose.

These measurements, in turn, could lead to distance and direction estimations between consecutive keystrokes, which the team`s Backward PIN-sequence Inference Algorithm used to break codes with alarming accuracy without context clues about the keypad.

Say the researchers, This is the first technique that unveils personal PINs by exploiting information from wearable devices without the need for contextual information. There are two attacking scenarios that are achievable: internal and sniffing attacks. In an internal attack, attackers access embedded sensors in wrist-worn wearable devices through malware. The malware waits until the victim accesses a key-based security system and sends sensor data back. Then the attacker can aggregate the sensor data to determine the victim`s PIN. An attacker can also place a wireless sniffer close to a key-based security system to eavesdrop sensor data from wearable devices sent via Bluetooth to the victim`s associated smartphones. The findings are an early step in understanding security vulnerabilities of wearable devices. Even though wearable devices track health and medical activities, their size and computing power does not allow for robust security measures which make the data within more vulnerable to attack.