Smartwatches and other wearables, such as those that record vital signs of fitness (fitness trackers), could betray their personal user codes like ATMs secret pin.
The relevant disclosure-warning was first published by researchers from the US. They combined data from devices sensors , with the help of an algorithm they managed to “crack” the passwords and PIN.
The researchers experimented with 20 volunteers wore on their bodies various devices for approximately one year. The “good” hackers, had a success at code breaking rate of 80% on their first attempt. Impressively , accuracy had exceeded 90%, after three attempts.
“The wearable devices and Smartwatches can fall victim to hackers. Attackers can reproduce the user’s hand movements and thus steal the secret codes for ATMs, electronic door locks, etc. ” The threat is real” said assistant professor of science Yan Wang computers.
The interception could be done with a “Trojan horse”. Hacker could import appropriate malicious software (malware) into the user’s smartwatch or other wearable. By doing that, he can now monitor and secretly records embedded electronic sensors .
So when users, wearing malware infected Smartwatches, enters PIN at an ATM, the latter unwittingly sends hackers data about the user’s hand movements. With the help of another software (algorithm), he is able to guess what did user typed at the ATM. All the above can be applied to the electronic lock of the house and the safe or in any other security system.
Alternatively, instead of introducing malware-Trojan on the user device, the hacker can place a wireless interception device near ATM or anywhere else, so it ‘overhears’ the sensor data which is sent via Bluetooth to «smart “watch or the user’s fitness tracker in the connected” smart “mobile phone (smartphone) victim.
The researchers noted that because the wearable devices have small size and relatively limited processor capabilities, they cannot be equipped with sophisticated cyber-security system, which makes them more vulnerable to hackers.
Currently, the recommended solution for manufacturers is to introduce artificially a certain ‘noise’ in the sensor data.”Noise” will make it more difficult for hackers to infer the specific movements of the user’s hand. But in the future, what should be done, is to create better encryption systems to wearable.Share This: