PIN codes at risk from wrist-worn wearables

By Rich Pell

In a paper titled “Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN”, the researchers combined data from the embedded sensors found in wrist-worn wearables, such as smartwatches and fitness trackers, and used a proprietary computer algorithm to extract the motion patterns and match them with the layout of typical key entry pads.

In doing so, they were able to crack private PINs and passwords with 80% accuracy on the first try and more than 90% accuracy after three tries.

The researchers described two attack scenarios, both relying on access to unencrypted sensor data. In an internal attack, attackers would access embedded sensors in wrist-worn wearable devices through malware.

“The malware waits until the victim accesses a key-based security system and sends sensor data back. Then the attacker can aggregate the sensor data to determine the victim’s PIN”, says Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University and a co-author of the study.

In a data sniffing scenario, the attacker could place a wireless sniffer close to a key-based security system to eavesdrop on sensor data, typically sent over Bluetooth, from the wearable devices to the wearer’s associated smartphones.

The researchers conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a variety of technologies over 11 months. The team was able to record millimetre-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand’s pose.

Those measurements led to distance and direction estimations between consecutive keystrokes, which the team’s “Backward PIN-sequence Inference Algorithm” used to break codes with excellent accuracy without context clues about the keypad.

This research highlights once more the pressing need for in-device data encryption and secure IoT communications, two very hot topics these days.
