Owners of wearable devices such as fitness trackers and smartwatches are being warned that their bank account PIN and online passwords can be hacked because hackers are able to exploit the devices and steal personal data.
According to a new report, cyber criminals could potentially breach the personal security and hack the movement sensors in the devices which is means they could gather enough information to guess what a user is typing.
This could, in theory, mean that a user’s PIN or password is compromised.
The report, Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN, was carried out by researchers at Binghamton University and the Stevens Institute of Technology in New York, who used an algorithm to crack PINs and passwords.
During the study, researchers tested 20 adults wearing a variety of different wearable tech over a period of 11 months.
They carried out 5,000 key entry tests and found they were able to obtain PINs on the first attempt a staggering 80 percent of the time and more than 90 percent of the time after three attempts.
The team were able to record information on hand movements gathered from the gyroscopes, magnetometers and accelerometers from the wearable device.
Those movements meant that the team were able to estimate the distance and direction of movements between keystrokes at an ATM. The research special ‘Backward PIN Sequence Interference Algorithm’ was then used to break passwords and pins with alarming accuracy.
Professor Yan Wang who co authored the study said: “Wearable devices can be exploited. Attackers can reproduce the trajectories of the user’s hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers.”
Wang added: “The threat is real, although the approach is sophisticated.
“There are two attacking scenarios that are achievable: internal and sniffing attacks. In an internal attack, attackers access embedded sensors in wrist-worn wearable devices through malware”.
According to Wang, malware could be used to exploit the PIN of an unsuspecting victim, waiting until they type their PIN into an ATM or any other key based security system before sending data back to cyber criminals.
While Wang and his team did not offer up any kind of solution to the problem, the study is one of the first pieces of research that helps to understand the potential security vulnerabilities of smartwatches and fitness trackers.