Latest in Science

Image credit: David Paul Morris/Getty Images

Your smartwatch is also recording your PIN

And tracking your steps all the way to the ATM.
1384 Shares
Share
Tweet
Share
Save

Sponsored Links

David Paul Morris/Getty Images

With all the personal data it collects, your wrist-mounted wearable computer is almost definitely going to betray you at some point, whether that's a reminder to get up and do another 5,000 steps this afternoon or accidentally giving away your ATM PIN. According to a new paper, ominously titled "Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN" it is surprisingly simple to determine your PIN or password by reverse-engineering motion sensor data from a smartwatch or fitness tracker.

In the paper, a team of researchers from the Stevens Institute of Technology and Binghamton University describe a deceptively straightforward method that can reportedly guess your password with about 80 percent accuracy on the first attempt. Although the paper doesn't name specific devices that are vulnerable, it does note that many record your hand's movements with enough detail to precisely identify keypresses.

"The team was able to record millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand's pose," Phys.org reports. While the data alone won't tell an attacker you're using your birthday as your PIN, the researchers built their own algorithm that can decipher the motion data even if they don't know anything about the keypad you're poking at. What's more: an attacker can get this data either by using malware installed directly on the device or remotely by eavesdropping on the Bluetooth connection that sends the data to your smartphone.

As for a solution, the research team suggests developers should obfuscate sensitive data by introducing "a certain type of noise data" that would allow it to still be used for fitness tracking, but not keystroke-guessing. Or, you could always take a low-tech approach and remember to enter your passwords with the hand that isn't wearing a highly sophisticated motion tracking device.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1384 Shares
Share
Tweet
Share
Save

Popular on Engadget

HyperX just made its Cloud Alpha gaming headset even better

HyperX just made its Cloud Alpha gaming headset even better

View
Spotify's Premium Family plans get an explicit content filter

Spotify's Premium Family plans get an explicit content filter

View
NVIDIA ray-tracing on 'Minecraft' looks surprisingly cool

NVIDIA ray-tracing on 'Minecraft' looks surprisingly cool

View
MIT experts find a way to reduce video stream buffering on busy WiFi

MIT experts find a way to reduce video stream buffering on busy WiFi

View
NASA selects proposals for smallsats built to study deep space

NASA selects proposals for smallsats built to study deep space

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr