Smartwatches and Fitness Trackers can Spy Your ATM PIN Number & Unlock Smartphone

IoT extends the connectivity of physical devices beyond the standard devices, it affects the daily lives of the users and their information security.

Wearables increase the efficiency of data gathering, researchers from the University of Michigan and the University of South Carolina found it is possible to add thousands of steps to a Fitbit using sound waves at different frequencies.

Experts believe that IoT could contain more than 30 billion objects by 2020 and its market value could reach $7.1 trillion by 2020.

Security researchers from Kaspersky published a research report on examining how wearable signals within wearable devices could allow attackers to intrude victims’ privacy and to gain access to the corporate network of the company they associated.

Most of the smartwatches are cyberphysical systems that controlled by computer algorithms and they are equipped with sensors like magnetometers, accelerometers, and gyroscopes that logs user data.

Kingwear KW88 and PYiALCY X200 smartwatches are selected for this study due it’s simplicity of writing apps for them and they developed a simple app for the study.

Tracking the Victim

With smartwatch inbuilt accelerometers and gyroscopes signals readings, it can be assumed the user activity at the moment.

When the user is walking, the hand wearing the smartwatch oscillates like a pendulum. Pendulum swings are a periodic process, so it can be assumed that the user was walking at that moment.

In another segment there no change with the periodic oscillations but the change in the accelerometer signal envelope axis. Possibly it could be a public transport with stops.

Another time slice is with short periods of activities and unexpected hand movements, researchers assumed the person could probably indoors.

PIN codes

According to researchers, it is possible to capture a PIN code based on the accelerometer and gyroscope signals from a smartwatch.

By deciphering the three axes of the accelerometer and gyroscope signals, a random person pin code can be detected with a minimum accuracy of 80%.

Computer and smartphones unlocking

For unblocking the device the hand movements and corresponding acceleration are minimal. Based on the cross-correlation of data for the corresponding axes of the accelerometer and gyroscope.

Smallest cross-correlation function values obtained for unlocking smartphones (up to 64%), and for computer password it is the largest (up to 96%).

Researchers concluded that “without a doubt, portable cyber-physical systems expand the attack surface for potential intruders. The recorded signals can be transmitted by the phone to the attacker’s server whenever the latter has access to the Internet.”

“So an unassuming fitness app or a new watch face from the Google Play store can be used against you, right now in fact”.