Smartwatches, fitness trackers can give away your ATM PIN

Wearable devices can give away your passwords, say scientists who, for the first time, used data from sensors in smartwatches and fitness trackers to crack private PINs with upto 90% accuracy .

The researchers from Binghamton University and the Stevens Institute of Technology in the US using a computer algorithm could crack passwords with 80% accuracy on the first try and more than 90% accuracy after three tries. “Attackers can reproduce the trajectori es of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks and keypadcontrolled enterprise servers,“ said Yan Wang, assi stant professor at Binghamton University, trackers

Researchers conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a variety of technologies over 11 months.

The team was able to re cord millimetre-level information of fine grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand’s pose. Those measurements lead to distance and direction estimations between consecutive keystrokes, which the team’s “Backward PIN-sequence Inference Algorithm“ used to break codes with alarming accuracy.

The findings are an early step in understanding security vulnerabilities of wearable devices.