You would think wearables like smartwatches would be just as secure at protecting sensitive data like passwords and PINs as the smartphones they’re paired with, especially when they run on the same software platform. It turns out, however, that smartwatches have a very distinct way of making it easier for hackers to obtain that data: the motion sensors used to detect movement and gestures.
A new study conducted by New York’s Binghamton University says that when the sensors record information about a wearer’s hand movements, that data could be used by an attacker to reproduce the entry of typed information. Not just something typed on the smartwatch’s screen, mind you, but physical external keyboards as well, from the one on your desktop to ATMs.
To test their theory, the researchers created an algorithm to monitor and record the data from sensors like accelerometers, gyroscopes, and magnetometers, and then use it to determine a password entered by key presses.
Using over 5,000 key entry traces made by 20 different adults across three wearable devices (two smartwatches and one motion tracker) — on both QWERTY keyboards and ATM-style keypads — the software was able to guess the password on the first try with 80% accuracy. With three tries, it achieved over 90% accuracy.
Now, there’s no need to panic just yet: the computer scientists note that it would take a very sophisticated attack to pull something like this off. The possibility does exist, however.
They imagine two scenarios where it could work: malware installed on the smartwatch that monitors the data from the motion sensors, or a wireless device placed next to a keypad that attempts to access the data via a Bluetooth connection with the wearable.
VIA: IEEE Spectrum