Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

Did Your Smart Watch and Fitness Tracker Just Give Away Your PIN?

posted by janrinok on Wednesday July 13 2016, @02:01AM   Printer-friendly
from the not-so-smart dept.

Runaway1956 writes:

A new research report reveals that popular wearable devices may leak information as you use them. Researchers discovered that the motions of your hands as you use PIN pads, which is continually and automatically recorded by your device, can be hacked in real time and used to guess your PIN with more than 90 percent accuracy within a few attempts.

Wearable devices -- Fitbits, Jawbones, Nike+, Apple Watches and the like -- are white-hot. The tech segment is already producing an estimated $14 billion in sales worldwide, and expected to more than double within four years, climbing to north of $30 billion.

But a new Stevens Institute of Technology research report reveals those cool wearables just may leak information as you use them. Stevens researchers discovered that the motions of your hands as you use PIN pads, which is continually and automatically recorded by your device, can be hacked in real time and used to guess your PIN with more than 90 percent accuracy within a few attempts. Electrical and computer engineering professor Yingying Chen and three of her graduate students carried out the tests in Stevens labs, assisted by Stevens alumnus Yan Wang Ph.D. '15, now a professor at Binghamton University.

"This was surprising, even to those of us already working in this area," says Chen, a multiple-time National Science Foundation (NSF) awardee. "It may be easier than we think for criminals to obtain secret information from our wearables by using the right techniques. "The Stevens team outfitted 20 volunteers with an array of fitness wristbands and smart watches, then asked them to make some 5,000 sample PIN entries on keypads or laptop keyboards while "sniffing" the packets of Bluetooth low energy (BLE) data transmitted by sensors in those devices to paired smartphones.

"There are two kinds of potential attacks here: sniffing attacks and internal attacks," explains Chen. "An adversary can place a wireless 'sniffer' close to a key-based security system and eavesdrop sensor data from wearable devices. Or, in an internal attack, an adversary accesses sensors in the devices via malware. The malware waits until the victim accesses a key-based security system to collect the sensor data."

[...]

"Further research is needed, and we are also working on countermeasures," concludes Chen, adding that wearables are not easily hackable -- but they are hackable.

I know what I'm buying for Christmas this year - for all my coworkers!

Original Submission

 
This discussion has been archived. No new comments can be posted.
Did Your Smart Watch and Fitness Tracker Just Give Away Your PIN? | Log In/Create an Account | Top | 9 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Insightful) by wonkey_monkey on Wednesday July 13 2016, @07:29AM

    by wonkey_monkey (279) on Wednesday July 13 2016, @07:29AM (#373988) Homepage

    No, and fuck condescending clickbait-style headlines. I am capable of being interested in things without trying to make them personally relevant.

    --
    systemd is Roko's Basilisk
    Starting Score:    1  point
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4