Wearable Motion Data Can Leak Your Passwords and ATM Pins

Wearable security must get better, according to new research that shows ATM pins and passwords can be stolen through motion data alone.

Rod Trent

July 7, 2016

1 Min Read
Wearable Motion Data Can Leak Your Passwords and ATM Pins

According to researchers from Binghamton University and the Stevens Institute of Technology, you don’t need to store passwords and ATM pins directly on your smartwatch or fitness wearable for hackers to steal them – you only need to type them in as normal.

The researchers developed an algorithm that cracks passwords at a high accuracy rate just based on the collected motion data. Motion data is supplied by accelerometers, gyroscopes and magnetometers embedded inside most wrist-worn fitness wearables and smartwatches. Using 20 adults over 11 months, the team tested against 5,000 key-entry tests on three key-based security systems. The result was that the algorithm was able to crack passwords with 80 per cent accuracy on the first try and more than 90 per cent accuracy after three tries.

Due to device design, footprint, and limited computing power, improving hardware security is difficult. However, the research team suggests that more has to be done to provide stronger encryption for the data stream.

The research is detailed in a report called “Friend of Foe?: Your Wearable Devices Reveal Your Personal Pin.”

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like