Hackers Can Steal Your ATM PIN from Your Smartwatch Or Fitness Tracker

Hackers Can Steal Your ATM PIN from Your Smartwatch Or Fitness Tracker

Hackers Can Steal Your ATM PIN from Your Smartwatch Or Fitness Tracker: Could wearing a fitness tracker or smartwatch make it easier for scammers to exploit your private PIN? That’s the conclusion of a shocking new study released this month.

Wearable technology has become so commonplace these days — one wouldn’t automatically suspect their wrist to be the place where hackers or cyber criminals would strike next.

smartwatch-can-reveal-your-atm-pin-number-hack

“Wearable devices can be exploited. Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks, and keypad-controlled enterprise servers,” said Yan Wang, assistant professor at Binghamton University in the US.

 In the paper, “Friend or Foe?: Your Wearable Devices Reveal Your Personal Pin,” researchers from Binghamton University and the Stevens Institute of Technology described how, with the help of a computer algorithm, they used data collected by these devices to crack passwords, which they managed to do with 80% accuracy on the first try and more than 90% accuracy after three tries.

How they Retrieve Passwords and PINs Using this Algorithm

Researchers team say their “Backward PIN-Sequence Inference” algorithm can be used to capture anything a person type on any keyboard – from automatic teller machine or ATM keypads to mobile keypads – through infected smartwatches, even if the person makes the slight hand movements while entering PINs.
Over 11 months, the researchers performed 5,000 key-entry tests on three key-based security systems, including an ATM, while 20 adults wore a variety of devices, such as activity trackers and smartwatches.

Typically, a hacker would need to install a video camera or fake keypad in order to uncover personal information, the researchers wrote.

However in this work, they found wearable devices “can be exploited to discriminate millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes, and magnetometers that are used inside the wearable technologies, which enable attackers to reproduce the trajectories of the user’s hand and further to recover the secret key entries.”

Methods Of Attacks

According to the research team, this is the first technique that reveals personal PINs by exploiting information from wearable devices without the need for contextual information.
smartwatch-hand-red-blue-green-red-color-smartwatches

“The threat is real, although the approach is sophisticated,” Wang added. “There are two attacking scenarios that are achievable: internal and sniffing attacks. In an internal attack, attackers access embedded sensors in wrist-worn wearable devices through malware. The malware waits until the victim accesses a key-based security system and sends sensor data back. Then the attacker can aggregate the sensor data to determine the victim’s PIN. An attacker can also place a wireless sniffer close to a key-based security system to eavesdrop sensor data from wearable devices sent via Bluetooth to the victim’s associated smartphones.”

Conclusion

Although researchers did not give a solution for the problem but suggested that developers can “inject a certain type of noise to data so that it cannot be used to derive fine-grained hand movements, while still being effective for fitness tracking purposes such as activity recognition or step counts”.
Another simple way is to not use smartwatch or sensor tracking gadgets while ongoing with financial transactions – or While entering your passwords or PINs always use only the hand that is not having a wearable device with the highly sophisticated motion tracker.

RECENT POST

poshmark
Product Reviews

Poshmark: A Guide to Safe Buying and Profit Selling

The iconic French designer icon, Yves Saint Laurent, once said, “I have always believed that fashion was not only to make women more beautiful but …

business of former athletes
Startups

Life after Sports: Businesses Common for Athletes after their Careers

Many athletes, after finishing their careers, find themselves very successful in other areas and often even begin to earn more income than earlier. The qualities …

girl using his cellphone
Tech Tips

5 Most Effective Content Writing Tips for Small Businesses

There are over 409 million users visiting blogs on WordPress every month. If you are not writing and publishing content about your business online, you’re …

movie stream
Technology

The 15 Best Movie Streaming Sites: Watch Movies Online

There’s nothing like relaxing after a long day with a good movie. Movies are what keep us entertained, especially in the post-pandemic era where digital …

personal safety apps
Apps

27 of the Best Personal Safety Apps For Your Smartphone for 2021

This article is about the best personal safety apps., and student safety apps, most of them free, and a few paid, but, fear not (no …

home workout
Apps

5 Best Home Workout Apps

Despite the likelihood of Toronto entering the grey zone of the reopening framework this February, most businesses that are recreational in nature such as gyms …