Wearable Motion Data Can Leak Your Passwords and ATM Pins

According to researchers from Binghamton University and the Stevens Institute of Technology, you don’t need to store passwords and ATM pins directly on your smartwatch or fitness wearable for hackers to steal them – you only need to type them in as normal.

The researchers developed an algorithm that cracks passwords at a high accuracy rate just based on the collected motion data. Motion data is supplied by accelerometers, gyroscopes and magnetometers embedded inside most wrist-worn fitness wearables and smartwatches. Using 20 adults over 11 months, the team tested against 5,000 key-entry tests on three key-based security systems. The result was that the algorithm was able to crack passwords with 80 per cent accuracy on the first try and more than 90 per cent accuracy after three tries.

Due to device design, footprint, and limited computing power, improving hardware security is difficult. However, the research team suggests that more has to be done to provide stronger encryption for the data stream.

The research is detailed in a report called “Friend of Foe?: Your Wearable Devices Reveal Your Personal Pin.”