Slashdot Mirror

← Back to Stories (view on slashdot.org)

Smartwatches Can Be Used To Spy On Your Card's PIN Code (softpedia.com)

Posted by samzenpus on from the lucky-numbers dept.

An anonymous reader writes: A researcher has developed a smartwatch app that can interpret hand motions and translate the movements to specific keystrokes on 12-key keypads, like the ones used at ATMs. The app sends the data to a nearby smartphone, which then relays it to a server, for analysis. The whole AI algorithm on which it's built has a 73% accuracy for touchlogging events, and 59% for keylogging. The entire code is on GitHub, along with his research paper, and a YouTube video.

3 of 50 comments (clear)

  1. And in the real world by Mr+D+from+63 · · Score: 5, Insightful

    Most people wear watches on their off hand, so it won't be a problem.

  2. Insecure by design ... by gstoddart · · Score: 4, Insightful

    So, while I see some good points about which hand you're going to type your PIN with ... as I see it, smart watches and so many other products are pretty much insecure by design.

    Some company rushes a product to market because it sounds cool, they build in some features which also sound cool, and they make it so it can communicate with everything.

    In the process someone glosses over that it wants to talk to everything, or that they forgot to add any security, or that is leaks personal information all over the place by uploading information to several different sites ... ads, analytics, telemetry, the company who sold it so they have your personal information.

    You walk into a store, it connects to their wifi, the store's app detects you, updates information about you, sends you a custom sale flyer based on your previous purchases ... it keeps track of the fact that you spend a lot of time in the pain aisle. It updates more of your information. They sell that information to 5 other places.

    You go home, it tells your thermostat you're home. Your hacked nanny cam records what you do. Google connects your last purchase with your ad profile, and when you sit down at your computer you see fresh ads for paint.

    All of these gadgets and doo-dads, I just don't see the point. I don't need to be tracked wherever I go so I can sign into Facebook or tweet that I'm in McDonalds.

    At the end of the day, between the fact that the companies you give the information to are lazy and terrible at security your information gets out, between what they share with their 15 ad partners your information gets out and you probably get served malware, and your connected whatsit probably gets hacked because it's got crap security.

    I don't trust the makers of these products, and quite frankly I can't make myself get excited about an internet connected roll of toilet paper. I don't need my fridge to tweet me that I'm low on butter. My oven doesn't need to be pre-heated from my phone. My front door doesn't need to be able to recognize my friends. My kitchen table doesn't need to update my Facebook status.

    It's insecure, or it's untrustworthy. And in an awful lot of cases it's pointless.

    --
    Lost at C:>. Found at C.
  3. Re:Touch screen keypads? by kammermusik · · Score: 3, Insightful

    Sounds like it will be hard to access by vision-impaired people.