Your Passwords Can Be Stolen Through Wearables

A new research paper from Stevens Institute of Technology reported wearables may leak sensitive information such as personal identification number (PIN) to hackers as you use them.

The shocking finding comes as companies such as Fitbit Inc FIT and Apple Inc. AAPL are investing heavily in wearable technology primarily sold as fitness trackers and smartwatches. In fact, Stevens said the segment has already clocked an estimated $14 billion in sales worldwide and expected to more than double within four years, possibly exceeding $30 billion.

Your Hands Can Be Hacked

Stevens researchers discovered "the motions of your hands as you use PIN pads, which is continually and automatically recorded by your device, can be hacked in real time and used to guess your PIN with more than 90 percent accuracy within a few attempts."

"This was surprising, even to those of us already working in this area," Professor Yingying Chen said in a press release. "It may be easier than we think for criminals to obtain secret information from our wearables by using the right techniques."

"The Stevens team outfitted 20 volunteers with an array of fitness wristbands and smart watches, then asked them to make some 5,000 sample PIN entries on keypads or laptop keyboards while 'sniffing' the packets of Bluetooth low energy (BLE) data transmitted by sensors in those devices to paired smartphones."

Related Link: Citi Analysts Expect A Stronger Quarter From Fitbit, But See Some Brexit-Related Headwinds

Types Of Attacks

"There are two kinds of potential attacks here: sniffing attacks and internal attacks," explained Chen. "An adversary can place a wireless 'sniffer' close to a key-based security system and eavesdrop sensor data from wearable devices. Or, in an internal attack, an adversary accesses sensors in the devices via malware. The malware waits until the victim accesses a key-based security system to collect the sensor data.

"After capturing accelerometer, gyroscope and magnetometer data from the devices and using it to calculate typical distances between and directions of consecutive key entries, Chen's team developed a backward-inference algorithm to predict four-digit PIN codes."

The Results

Chen elaborated, "These predictions were assisted by the standardized layout of most PIN pads and keyboards — plus the knowledge that nearly all users will hit 'enter' as their final significant hand motion after entering a code."

While some wearables were more secure than others, the algorithm's "first guess" was right, on average, 80 percent of the time and, "within five tries, its accuracy climbed to 99 percent on some devices."

"Further research is needed, and we are also working on countermeasures," concluded Chen, adding that wearables are not easily hackable — but they are hackable.

Market News and Data brought to you by Benzinga APIs
Comments
Loading...
Posted In: NewsTechMediaStevensYingying Chen
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!