
Image credit: David Paul Morris/Getty Images

Your smartwatch is also recording your PIN

And tracking your steps all the way to the ATM.

With all the personal data it collects, your wrist-mounted wearable computer is almost definitely going to betray you at some point, whether that's a reminder to get up and do another 5,000 steps this afternoon or accidentally giving away your ATM PIN. According to a new paper, ominously titled "Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN," it is surprisingly simple to determine your PIN or password by reverse-engineering motion sensor data from a smartwatch or fitness tracker.

In the paper, a team of researchers from the Stevens Institute of Technology and Binghamton University describe a deceptively straightforward method that can reportedly guess your password with about 80 percent accuracy on the first attempt. Although the paper doesn't name specific devices that are vulnerable, it does note that many record your hand's movements with enough detail to precisely identify keypresses.

"The team was able to record millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand's pose," Phys.org reports. While the data alone won't tell an attacker you're using your birthday as your PIN, the researchers built their own algorithm that can decipher the motion data even if they don't know anything about the keypad you're poking at. What's more, an attacker can get this data either by using malware installed directly on the device or remotely by eavesdropping on the Bluetooth connection that sends the data to your smartphone.

As for a solution, the research team suggests developers should obfuscate sensitive data by introducing "a certain type of noise data" that would allow it to still be used for fitness tracking, but not keystroke-guessing. Or, you could always take a low-tech approach and remember to enter your passwords with the hand that isn't wearing a highly sophisticated motion tracking device.
