
Wearables reveal PINs, passwords
The team used data from smartwatches and fitness trackers to crack private PINs and passwords with 80 percent accuracy on the first try and 90 percent accuracy on the third try. The method is effectively a data monitoring side-channel attack.
The researchers conducted 5,000 key-entry tests on three key-based security systems, including an automatic teller machine (ATM), with 20 adults wearing a variety of devices. The team was able to record millimeter-level information on fine-grained hand movements from accelerometers, gyroscopes and magnetometers. Those measurements led to estimates of the distance and direction of movement between consecutive keystrokes that, in turn, were used by the team’s software to identify the most likely numeric or alphanumeric sequences.
A write-up of the 11-month research was published in the proceedings of, and received the best paper award at, the 11th annual Association for Computing Machinery Asia Conference on Computer and Communications Security in Xi’an, China.
“Wearable devices can be exploited. Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers,” said Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University and co-author of the paper, in a statement.
Wang said the team had considered two lines of attack: an internal one and a wireless one.
In the internal mode, an attacker gains access to sensor data by way of malware and then looks through this data to observe an interaction with a key-based system. An alternative is to have a sniffer device located close to the keypad that then listens for data sent over Bluetooth from the wearable to the owner’s smartphone.
The team observed that, in efforts to extend the battery life of wearables, developers have not included robust security measures. Countermeasures could include the injection of noise into data to make wearables less accurate, so that they do not reveal keystroke information but can still be used for step-counting and other functions, and better encryption of data communications between wearables and smartphones, the team said.
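The noise-injection countermeasure described above can be illustrated with a toy model (an added example, not the researchers' code or method). The sample rate, 2 cm key spacing, signal shapes and noise level of 1 m/s² are assumptions and both signals are constructed: zero-mean noise averages out in a step counter but accumulates when acceleration is integrated twice to estimate the distance moved between keys.

```python
import math
import random

FS = 100            # assumed sensor sample rate, Hz
DT = 1.0 / FS
KEY_PITCH = 0.02    # assumed distance between adjacent keys, metres

def add_noise(samples, sigma, rng):
    """Countermeasure: add zero-mean Gaussian noise (m/s^2) to every sample."""
    return [a + rng.gauss(0.0, sigma) for a in samples]

def walking_signal(seconds=10, step_hz=2.0, amplitude=4.0):
    """Constructed wrist acceleration while walking: one sine cycle per step."""
    return [amplitude * math.sin(2 * math.pi * step_hz * i * DT)
            for i in range(int(seconds * FS))]

def key_move_signal(distance=KEY_PITCH, duration=0.5):
    """Constructed hand move between two keys: accelerate, then brake."""
    n = int(duration * FS)
    a = distance / (duration / 2) ** 2
    return [a if i < n // 2 else -a for i in range(n)]

def count_steps(samples, window=10, threshold=2.0):
    """Step counter: moving average, then hysteresis at +/- threshold."""
    steps, armed = 0, True
    for i in range(window, len(samples) + 1):
        x = sum(samples[i - window:i]) / window
        if armed and x > threshold:
            steps, armed = steps + 1, False
        elif x < -threshold:
            armed = True
    return steps

def displacement(samples):
    """Double-integrate acceleration to estimate distance moved, metres."""
    v = x = 0.0
    for a in samples:
        v += a * DT
        x += v * DT
    return x

def mean_distance_error(sigma, trials=200, seed=1):
    """Mean absolute error of the inter-key distance estimate under noise."""
    rng = random.Random(seed)
    return sum(abs(displacement(add_noise(key_move_signal(), sigma, rng))
                   - KEY_PITCH) for _ in range(trials)) / trials

def steps_with_noise(sigma, seed=1):  # 20-step constructed walk plus noise
    return count_steps(add_noise(walking_signal(), sigma, random.Random(seed)))
```

With these assumed values the step count stays at 20, while the average error in the estimated distance between keys exceeds half the key spacing.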
