Watch Out for Your Smart Watch - It May Give Out More Than Your Run Distance
I've always worried about the people swiping their smart phones at check-out to pay for merchandise. Aren't they worried someone could pick up their banking information?
Now a new study says your smart watch may give away your ATM info. Wearable devices can give away your passwords, according to new research, newswise.com reports.
“Wearable devices can be exploited,” says study co-author Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University. “Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers.”
Researchers conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a variety of technologies over 11 months. The team was able to record millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand’s pose.
Those measurements lead to distance and direction estimations between consecutive keystrokes, which the team’s “Backward PIN-sequence Inference Algorithm” used to break codes with alarming accuracy without context clues about the keypad.
According to the research team, this is the first technique that reveals personal PINs by exploiting information from wearable devices without the need for contextual information.
“The threat is real, although the approach is sophisticated,” Wang adds. “There are two attacking scenarios that are achievable: internal and sniffing attacks. In an internal attack, attackers access embedded sensors in wrist-worn wearable devices through malware. The malware waits until the victim accesses a key-based security system and sends sensor data back. Then the attacker can aggregate the sensor data to determine the victim's PIN. An attacker can also place a wireless sniffer close to a key-based security system to eavesdrop sensor data from wearable devices sent via Bluetooth to the victim’s associated smartphones.”
The findings are an early step in understanding security vulnerabilities of wearable devices. Even though wearable devices track health and medical activities, their size and computing power doesn’t allow for robust security measures, which makes the data within more vulnerable to attack.
So enjoy all the features your smart watch provides. But just remember: watch out for it.
Now a new study says your smart watch may give away your ATM info. Wearable devices can give away your passwords, according to new research, newswise.com reports.
“Wearable devices can be exploited,” says study co-author Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University. “Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers.”
Researchers conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a variety of technologies over 11 months. The team was able to record millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand’s pose.
Those measurements lead to distance and direction estimations between consecutive keystrokes, which the team’s “Backward PIN-sequence Inference Algorithm” used to break codes with alarming accuracy without context clues about the keypad.
According to the research team, this is the first technique that reveals personal PINs by exploiting information from wearable devices without the need for contextual information.
“The threat is real, although the approach is sophisticated,” Wang adds. “There are two attacking scenarios that are achievable: internal and sniffing attacks. In an internal attack, attackers access embedded sensors in wrist-worn wearable devices through malware. The malware waits until the victim accesses a key-based security system and sends sensor data back. Then the attacker can aggregate the sensor data to determine the victim's PIN. An attacker can also place a wireless sniffer close to a key-based security system to eavesdrop sensor data from wearable devices sent via Bluetooth to the victim’s associated smartphones.”
The findings are an early step in understanding security vulnerabilities of wearable devices. Even though wearable devices track health and medical activities, their size and computing power doesn’t allow for robust security measures, which makes the data within more vulnerable to attack.
So enjoy all the features your smart watch provides. But just remember: watch out for it.
Comments
Post a Comment