According to security experts, wearable tech can leak sensitive information such as passwords and PINs.
According to TechCrunch, the Internet of Things (IoT) poses increasing security threats related to the lack of expertise in the ways companies add connectivity to new gadgets. The sensitivity of the connected sensors is another security flaw that can open up potential attack backdoors for hackers.
Research conducted by a team from the department of electrical and computing engineering at Binghamton University in New York State and Stevens Institute of Technology has found that wearable devices such as fitness trackers and smartwatches could compromise a user's PIN because of the motion-sensing data they generate. The results of the study were published on the Stevens Institute of Technology webpage. The research was also published by IEEE Spectrum.
The research team combined an algorithm created to infer key entry sequences from hand movements with wearable sensor data harvested from more than 5,000 key entry traces made by 20 adults. The researchers applied the technique to different types of keypads, including Qwerty and ATM-style keypad variants. They used three different wearables, including a nine-axis motion-tracking device and smartwatches.
On the first attempt, the researchers were able to crack PINs with 80 percent accuracy and after three tries they reached more than 90 percent accuracy. This shows that a wearable device can be easily exploited by attackers in order to reproduce the trajectories of the user's hand and recover the PINs, passwords and other secret key entries.
When a person inputs their PIN, the attack method would not even require a hacker to be nearby. A wireless sniffer placed close to a keypad to capture Bluetooth packets transmitted between a smartphone and the wearable device could easily steal the data packets. According to Network World, another method hackers could use to steal PINs and passwords is installing malware on the wearable or smartphone in order to intercept the data and send it on to the attacker.