Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Can Use Smart Watch Movements To Reveal A Wearer's ATM PIN (ieee.org)

Posted by BeauHD on from the left-hand-free dept.

the_newsbeagle writes: By gaining access to the sensors in someone's smart watch, hackers could track the person's hand movements at an ATM and figure out his/her pin. The hacker needn't be anywhere near the ATM; data can be lifted from the smart watch by either a discreet wireless sniffer or by malware on the watch that sends info to a server. This is hardly the first demonstration of the security flaws in smart watches. Last year, a research group showed that a watch's sensors can reveal keystrokes on a computer keyboard. The team of researchers, led by Chen Wang and Yingying Chen at the Stevens Institute of Technology in Hoboken, New Jersey, were able to record movements down to the millimeter and crack private ATM PINs with 80 percent accuracy on the first try. To eliminate the security breach, manufacturers could better secure the data stored in their wearables, and/or add noise so one's physical hand movements cannot be as easily translated. Of course, consumers could simply wear their smart watch on their non-dominant hand.

105 comments

  1. Non-dominant hand by Anonymous Coward · · Score: 5, Insightful

    I can't speak for everyone, but I think almost everyone wears their watch on their non-dominant hand?

    1. Re:Non-dominant hand by Anonymous Coward · · Score: 3, Funny

      I'm left handed and wear my watch on my left hand. I don't wear any of these smartwatch tracking devices, though. If someone wants my ATM PIN they're going to have to get it the old fashioned way, sucker me into marrying them.

    2. Re:Non-dominant hand by fj3k · · Score: 1

      People tell me I'm weird because I wear mine on my dominant hand. So I doubt this would be a worthwhile attack; I honestly don't know anyone else who is does wear it on their dominant hand (granted, small sample size).

      On a personal note, I'm not worried. I figured out how to type my pin without any visible movement of my hand (the unavoidable movements being covered by my other hand). This was because there were a number of cases of people installing cameras near ATMs to steal PINs. I just checked, and my non-smart watch doesn't move more than a milimetre in any direction. If I upgrade to a smart watch, they're still not getting anything.

      --
      Two men claimed to have walked into a bar. Only one had the bruises to prove it.
    3. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      I wear my StupidWatch on my dominant hand but I use my non-dominant hand to enter PIN codes because the world has trained me to use numeric keypads with my right hand.

    4. Re:Non-dominant hand by skids · · Score: 1

      I wonder if small compensating/ripple movements of the torso are enough the extract keylogging from a cell phone in a pocket, though, given a large enough sample.

      --
      Someone had to do it.
    5. Re:Non-dominant hand by AK+Marc · · Score: 2

      Yes. In fact, many smart watches recommend it (though I only recall it specifically when reading the directions for a Fitbit Charge HR, I can't speak to any others, but step count is impacted by dominant-hand movements.

      What I can't understand is how they can get keys from a wrist. My wrist is relatively still. I use a wrist rest, and I use my fingers to reach the keys, and moving my wrist is only when using numbers or symbols. And I touch-type, so I don't move my arms much at all, but my fingers are moving. I'd be amazed if they could sense the movement of the tendons in the wrist. If that's the case, you can measure pulse with them. My pulse makes my wrist move as well. So why are there no apps for that? Makes me think they aren't sensitive enough to have exploits work outside the lab.

      --
      Learn to love Alaska
    6. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      One reason among many NOT to have a "smart" watch!

    7. Re:Non-dominant hand by dbIII · · Score: 1
      This was at an ATM so hand movement would be far greater than at a conventional keyboard. People tend to move their entire hand and poke with their fingers at the vertical keypad than move the way they would when typing on something close to horizontal.
      What you describe would indeed be very hard even with a row of sensors able to distinguish individual tendons. I think sensors on knuckles would be needed as well.

      If that's the case, you can measure pulse with them

      I've seen some that do that but they were more dedicated "fitness watches" than "smart watches"

    8. Re:Non-dominant hand by F.Ultra · · Score: 4, Insightful

      Also they have to somehow hack the watch in the first place, it's not like it publicly distributes out all the sensor readings.

    9. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      Not to mention running the risk of having your Luddite membership revoked.

    10. Re:Non-dominant hand by Austerity+Empowers · · Score: 1

      I can't speak for everyone, but I think almost everyone wears their watch on their non-dominant hand?

      90% of people are right handed. I don't have a statistic for what wrist people wear watches on, but in a sample size of 100 I found that 100 wore their watch on their left hand. Presumably some of these people are left handed, although I have no way of knowing. This means hackers are engaged in hate crimes against left handers.

    11. Re:Non-dominant hand by Austerity+Empowers · · Score: 1

      That's a good point, if there's a physical keypad it invariably is located on the right side.

    12. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      I'm ambidextrous, you insensitive clod!

    13. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      I was going to make this exact point myself.

    14. Re:Non-dominant hand by invictusvoyd · · Score: 1

      Dominant hand or not , I don't play piano with the ATM keypad . my hand does not move while punching 4 digits.

    15. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      I also type at an ATM keyboard with my non-dominant (right) hand...

    16. Re: Non-dominant hand by Anonymous Coward · · Score: 0

      Umm, what?

      In all the ATM's I encounter (two different bank chains), the pad is in the middle and card insert and cheque deposit is on right.

    17. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      ATMs don't have wrist rests, you idiot.

    18. Re: Non-dominant hand by Anonymous Coward · · Score: 0

      It would have too, unless you have super long fingers, they have millimetre precision so can infer the keystrokes from the slightest movement of your wrist.

    19. Re:Non-dominant hand by MobileTatsu-NJG · · Score: 2

      I use a wrist rest, and I use my fingers to reach the keys, and moving my wrist is only when using numbers or symbols.

      It's just a big game of deduction. The watch can distinguish between the five elevations your hand has to turn to determine which row you're on just from its tilt. The microphone on it could probably distinguish which finger is striking the key just by volume. Heck, just the mere fact that some of the sound of the keys directly under your hand will be slightly muffled is enough to categorize them.

      To me the bigger issue isn't in working out a process to do this, rather it's the calibration process. Can you get your victim to wear a watch while he or she types something predictable for a while?

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    20. Re:Non-dominant hand by AK+Marc · · Score: 1

      But keyboards do.

      "Last year, a research group showed that a watch's sensors can reveal keystrokes on a computer keyboard."

      --
      Learn to love Alaska
    21. Re:Non-dominant hand by AK+Marc · · Score: 1

      I'm sure that was part of the "hack". Having the person hacked wear the watch while typing a script for hours. Just like in the wild.

      When I was using a known-compromised computer, I typed in my password in a way that the keylogger didn't catch it. "ass" click before the first a "P" click after the last s "word". Sure, someone could have a good start at guessing it, but the keylogger didn't catch it directly.

      I also expect the test script is not a strong password. "I have a dream" or something like that. They also map only the one hand, so a 2-handed word is pure guesswork.
      ,br.They did mention they train it on themselves. But no word on the accuracy of applying the training across people. No mention of accuracy at all.

      --
      Learn to love Alaska
    22. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      Definitely!

      It is hipster detector. Watch - on non-dominant hand.

    23. Re:Non-dominant hand by Joce640k · · Score: 1

      People tell me I'm weird because I wear mine on my dominant hand.

      Damn, that is weird. Why on earth would you do that?

      Are you one of those people who wears a watch in bed, too?

      --
      No sig today...
    24. Re:Non-dominant hand by Joce640k · · Score: 1

      it's not like it publicly distributes out all the sensor readings.

      Pfff. That's what you think.

      --
      No sig today...
    25. Re:Non-dominant hand by Joce640k · · Score: 2, Funny

      This 'attack' is pointless.

      Any idiot who spends money on smart watches isn't going to have any money in his account anyway.

      --
      No sig today...
    26. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      Right handed and I wear my watch on my right hand, and my PIN is done with my left while the right covers the pad.

    27. Re:Non-dominant hand by jawtheshark · · Score: 1
      Why is it weird?

      I do that too. Right hander, I need my watch on my right hand. Doing otherwise feels wrong to me.

      --
      Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    28. Re:Non-dominant hand by jawtheshark · · Score: 1

      I'm right handed. I wear my watch on my right hand.

      --
      Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    29. Re:Non-dominant hand by sabbede · · Score: 2

      Pretty much, yeah. It's how people avoid pouring coffee all over themselves when asked for the time.

    30. Re:Non-dominant hand by daq+man · · Score: 1

      Yep, that was my first thought. I type my PIN with the other hand. So, a non issue for the most part.

      Also, I go to the ATM maybe once a month but type on a computer at work for 8 hours + per day. So, a hacker would not only have to hack my watch but also pinpoint the few seconds that I was at the ATM. Of course they could try to use the same hack to record keystrokes but my typing pattern is so bizarre that I challenge anyone to figure out which keys I am pressing based on which fingers are moving.

    31. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      Exactly. My first thought was "Yet another 'vulnerability' where if the hacker even has access to this you already have been compromised". You are already screwed. Nothing to see here.

    32. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      Just to jump into the conversation: I wear my watch to bed. This is because I am a VERY heavy sleeper and have a hard time waking up to an alarm clock. I wear a Martian Notifier watch (not quite a smart watch, but is bluetooth with some smart functions for notifications) when I sleep so that I can use it's vibration alarm clock to help wake me. It's better than audio alone. Also have a pillow shaker alarm clock.

      Even this is not perfect, though, and I've still slept through it a few times. I'm thinking of ordering Pavlok Shock Clock to use electric shock as an alarm clock.

    33. Re:Non-dominant hand by TheCarp · · Score: 1

      Certainly not speaking for me....I don't wear a watch on either wrist. I gave up on watches within a year of getting a cell phone.

      --
      "I opened my eyes, and everything went dark again"
    34. Re:Non-dominant hand by jittles · · Score: 1

      I can't speak for everyone, but I think almost everyone wears their watch on their non-dominant hand?

      I wear mine on my dominant hand but I'm fairly ambidextrous. I actually use my non-dominant hand to do PIN entry as I'm a lefty and most things are positioned for the right handed world. Plus the 10 key is on the right hand of the keyboard, anyway.

    35. Re:Non-dominant hand by T.E.D. · · Score: 1

      I'm left handed and wear my watch on my left hand.

      As a fellow lefty, I used to do that. After about 10 years of smashed watch crystals, I finally figured out why people don't do that. Its always been on my right for the last three decades.

      I may be slow, but I can learn.

    36. Re:Non-dominant hand by T.E.D. · · Score: 1

      Any idiot who spends money on smart watches isn't going to have any money in his account anyway.

      Pebbles can be had for $100. The brand new top-of-the-line models are $250. If that drains your account, I think smartwatches aren't your problem.

    37. Re: Non-dominant hand by Anonymous Coward · · Score: 0

      In case you haven't tried it, a bright, high-K "sunlight" fluorescent lamp on a circuit timer about 2-3 ft. from your head (~15-30 min before alarm goes off) does wonders for waking up and aiding your circadian rhythm. A bit tricky if you're married and your wife has a different sleep schedule than you, though. If that's the case, there are sleeping masks available with the light and timer built in.

    38. Re:Non-dominant hand by Joce640k · · Score: 1

      And .... what about all the other pointless gadgets the cheapo-pebble owners have bought?

      How much did that cost?

      And don't tell me they don't have any. If you buy a smart watch you'll buy any old crap.

      --
      No sig today...
    39. Re:Non-dominant hand by wardrich86 · · Score: 1

      Found the "1 1 1 1" guy!

    40. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      For bathroom hygiene alone, wearing a watch on your dominant hand disgusts me.

    41. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      Fecal matter.

    42. Re:Non-dominant hand by T.E.D. · · Score: 1

      For bathroom hygiene alone, wearing a watch on your dominant hand disgusts me.

      Its all OK if you just remember to lick the crystal clean when you are done.

    43. Re:Non-dominant hand by T.E.D. · · Score: 1

      And don't tell me they don't have any. If you buy a smart watch you'll buy any old crap.

      This kind of mystifies me. You do realize I have those #'s on the top of my head because I own one myself, right? So I'm really curious what kind of weird dystopian inspector gadget world you picture me living in. It probably doesn't much resemble my place, as the vast majority of my functioning electronic equipment was bought back in the 90's before my kids were born. I probably have about the oldest functioning DAK Catalog cheap standup speakers in existence. Wires I made myself from the highest-guage stereo wire Radio Shack sold by the yard (hillbilly Monster Cable ftw). I think the newest bit is the flatscreen TV I got for xmas from my dad back in the 2000's.

      I've always owned a watch, since 1974 at least, and having one that tells me at a glance who's calling so I don't have to pull over to check, for barely more (inflation-adjusted) than the $25 Sears watches I used to buy with my allowance money in the early 80's, that's a no-brainer. Even better, I don't have to set the time ever.

    44. Re: Non-dominant hand by Anonymous Coward · · Score: 0

      Take a look at the device you are typing this on

    45. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      I think most ATMs are obviously built for right-handed use, so that lefties may be at rist if they use the ATM "as intended".(and with the malicious software running on their smarwatch).

    46. Re:Non-dominant hand by Anonymous Coward · · Score: 0

      Especially ‘smart’ watch with a touch screen. How would you use its amazing apps, like Solitaire, unless it was on the wrist of your non-dominant hand?

    47. Re:Non-dominant hand by F.Ultra · · Score: 1

      So that is why they didn't hack any wearable watch in any of these studies and instead installed an app on their own watches that could record sensor data. Why would the watch even publicly distribute the sensor readings, even with a massive NSA/Illuminati tinfoil hat measuring millions of miles high there is still no explanation for "their" need for this.

    48. Re:Non-dominant hand by Jake+Griffin · · Score: 1

      Also, in some situations, you are forced to use your non-dominant hand. I am right handed, and I wear my watch on my left. At a drive-up ATM, I am all but forced to use my left hand (driver side on the left in my country) to operate the ATM. It would be much more difficult for me to twist in the driver's seat to get my right arm far enough out the window than to just use my non-dominant hand.

      --
      SIG FAULT: Post index out of bounds.
    49. Re: Non-dominant hand by Anonymous Coward · · Score: 0

      http://i0.wp.com/www.gottabemo... ... I don't understand.

    50. Re:Non-dominant hand by ls671 · · Score: 1

      It is much more harder to crack than that since you have 10 possibilities:
      1111
      2222
      3333
      4444
      etc.

      --
      Everything I write is lies, read between the lines.
  2. Doing it with 1 Hand by Anonymous Coward · · Score: 0

    Use the chip of a card when possible and if you are holding something that can track movement in one hand, watch, phone, whatever, use the one that is electronics free to put in your pin.

  3. Impractical technique by academics, news at 11 by ShooterNeo · · Score: 4, Insightful

    University professors are under constant pressure to come up with something interesting to show they are a world class expert in their field. And grad students who do most of the grunt work are under pressure to prove themselves as well. So this is yet another impractical technique. No hacker is going to bother with something this hard to make work. Maybe a nation state hacking team might, but probably not.

    Much simpler to install a hidden camera or a direct electrical monitor on the button presses from the keypad itself. Also, look at it this way. On that bitcoin bazaar, Evolution I think it was called, people's pin numbers were about 10 bucks each. Not worth this kind of hassle. This tells me there is far more stolen information readily available than there are crooks to use that information to make fraudulent purchases and cash withdraws with.

    Which makes sense - there are probably still many, many ways to gain access to a database of credit card numbers, or places to set up a skimmer. The actual task of writing the number to a fake credit card and then using it somewhere in person is a far riskier task and one far more likely to result in one's eventual arrest and imprisonment...

    1. Re:Impractical technique by academics, news at 11 by skids · · Score: 1

      Criminals probably wouldn't, but "hackers" -- or security researchers -- might do it just for the challenge, and criminals might get a hold of that code.

      --
      Someone had to do it.
    2. Re:Impractical technique by academics, news at 11 by Anonymous Coward · · Score: 0

      best offers on smart watch

  4. I already got a hand.. by CptLoRes · · Score: 1

    now I just need some straws to grasp at.

  5. The researchers have predicted by tgibson · · Score: 3, Funny

    that I am a carpenter who hammers nails at odd hours.

    1. Re:The researchers have predicted by Anonymous Coward · · Score: 0

      I see what you mean by that

    2. Re:The researchers have predicted by avandesande · · Score: 1

      Congratulations on being 'handy'

      --
      love is just extroverted narcissism
    3. Re:The researchers have predicted by Jake+Griffin · · Score: 1

      And since the invention of the smart phone, you hammer with your non-dominant hand now. Interesting.

      --
      SIG FAULT: Post index out of bounds.
  6. That's why we wear watches on our left hands. by BitterOak · · Score: 3, Funny

    People don't realize this, but about a hundred years ago when people switched from pocket watches to wrist watches, they were clever enough to realize that future models would feature motion sensors and people would do their banking at electronic cash dispensing machines. Hence the tradition of wearing watches on the left hand.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:That's why we wear watches on our left hands. by Anonymous Coward · · Score: 0

      But I'm left handed you insensitive clod!
      Try "non-dominant hand" which, granted, is the hand most people wear it on, making the attack pointless.
      Even more so if it requires hacking the watch. You could already do more interesting stuff that way, like using the watch as an attack surface for the more juicy stuff on the phone.

    2. Re:That's why we wear watches on our left hands. by mark-t · · Score: 2

      Uh... no.

      The tradition of wearing watches on the left hand arose from the fact that most people are right handed, and so would want to wind a watch with their right hand. Wearing the watch on the left wrist allowed one to wind it without removing it.

      --
      File under 'M' for 'Manic ranting'
    3. Re:That's why we wear watches on our left hands. by ewhac · · Score: 1

      ...about a hundred years ago when people switched from pocket watches to wrist watches, [ ... ]

      That reminds me: Why is no one offering a smart watch in a pocket watch form factor? You'd lose pulse rate measurement, but you'd still get the rest of the fitness tracking movements. You'd also get a larger case -- allowing for larger displays and batteries -- and placing a pocket watch on a charging cradle at night wouldn't seem quite as odd as a wristwatch.

      Using a smart pocket watch would also obviate the described attack.

      --
      Editor, A1-AAA AmeriCaptions
    4. Re:That's why we wear watches on our left hands. by Paradise+Pete · · Score: 1

      and so would want to wind a watch with their right hand

      I always figured it was to reduce the chance of damage and keep it out of the way, but I don't know that. Winding is/was infrequent, wasn't it?

    5. Re:That's why we wear watches on our left hands. by Paradise+Pete · · Score: 2

      Why is no one offering a smart watch in a pocket watch form factor?

      They have those, but they call them "phones".

    6. Re: That's why we wear watches on our left hands. by slazzy · · Score: 2

      Sounds like it could be a hipsters dream come true.

      --
      Website Just Down For Me? Find out
    7. Re: That's why we wear watches on our left hands. by Anonymous Coward · · Score: 0

      I want a pocket chain for my wallet/watch/monecle! Maybe phone gets one too.

    8. Re:That's why we wear watches on our left hands. by dbIII · · Score: 1

      I use my mobile phone as a pocket watch :)

    9. Re:That's why we wear watches on our left hands. by Anonymous Coward · · Score: 0

      WOOSH!

      Are you really that fucking dense?

    10. Re: That's why we wear watches on our left hands. by fph+il+quozientatore · · Score: 1

      Found the hipster.

      --
      My first program:

      Hell Segmentation fault

    11. Re:That's why we wear watches on our left hands. by sabbede · · Score: 1

      Neat. It makes sense, but I have to figure that the general busyness of the dominant hand plays a role. Ever see someone holding coffee in their watch bearing hand get asked for the time? Classic slapstick.

    12. Re:That's why we wear watches on our left hands. by cdrudge · · Score: 1

      Winding is/was infrequent, wasn't it?

      A hand wound mechanical watch should last at least 24 hours and would typically be wound once a day.

    13. Re:That's why we wear watches on our left hands. by mark-t · · Score: 1

      Reminds me of a time in my youth where I was playing poker and one of the other players asked me the time. I casually looked at my watch without thinking about it and told them, and as I went back to playing, I noticed a few smirks at the table. I had been holding my cards in my left hand, and I had absolutely no idea at the time that I had inadvertently just shown my entire hand to everybody.

      I didn't win anything in that hand, of course, and after the hand was over I realized what had occurred. Boy did I feel dumb.

      --
      File under 'M' for 'Manic ranting'
    14. Re: That's why we wear watches on our left hands. by LeadSongDog · · Score: 1

      Sounds like it could be a hipsters dream come true.

      Next up: Steampunk mobile phone.

      --
      Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
    15. Re:That's why we wear watches on our left hands. by sabbede · · Score: 1
      Ouch!

      Pretty dang funny though. I hope it didn't cost you anything more than embarrassment.

    16. Re:That's why we wear watches on our left hands. by mark-t · · Score: 1

      It was years and years ago... and even back then, I never gambled more money than I could actually afford to lose.

      --
      File under 'M' for 'Manic ranting'
    17. Re:That's why we wear watches on our left hands. by Paradise+Pete · · Score: 1

      And typically before putting it on, I'd think, so the wearing of the watch seems more dictated by the perceived delicateness of the device. Just my speculation, though. I don't know the answer.

    18. Re:That's why we wear watches on our left hands. by rpstrong · · Score: 1

      Meet the Runcible.

  7. Re: news at 11 by Anonymous Coward · · Score: 1

    Breaking story: Security researchers find new way to rate an individuals porn preferences using nothing but smart watch worn on the dominant (porn) hand.

  8. So what? by Anonymous Coward · · Score: 0

    I can lick my own shoulder.

  9. Project Soli by jwymanm · · Score: 1

    Probably of more concern for this (or use!): https://atap.google.com/soli/ Don't even need any electronics on the person.

  10. Ironically .... by Anonymous Coward · · Score: 3, Funny

    In this case, 1111, 2222, 3333, etc. would be the most secure PINs.

    1. Re:Ironically .... by Tomahawk · · Score: 1

      Not really - the watch will still pick up on the repetitive movements and still know what PIN you are entering. It might be better to fake press all of the buttons on the keypad in order 4 times, and only really press one button on each iteration to correspond with the PIN digits. It would be harder for the watch to determine the difference in this case, but still not impossible.

    2. Re:Ironically .... by Anonymous Coward · · Score: 0

      Not if you don't move your wrist... also, why would you move your hand at all to enter a single number four times?, you have fingers!

      PD: I'm not the above AC.

    3. Re:Ironically .... by Anonymous Coward · · Score: 0

      I normally just use multiple fingers instead of just the single index finger to enter the PIN. That'll make it much harder (though maybe impossible) to decipher the movements of my hand to derive the PIN.

  11. Repeat of a January post! by darthsilun · · Score: 1

    https://it.slashdot.org/story/...
    sheesh

    1. Re:Repeat of a January post! by bzn · · Score: 1

      THANK YOU! I thought I was going insane then...

    2. Re:Repeat of a January post! by Plus1Entropy · · Score: 1

      Yeah, I thought this sounded familiar.

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  12. Awesome! by RecycledElectrons · · Score: 1

    I need an update to my smartwatch that lets me wear 2 of them and use a rolled-up, printed piece of paper as a keyboard.

  13. Scramble the keypad by Archfeld · · Score: 1

    We could always just present the numbers on a keypad in a random position for each transaction. That of course would require conscious thought and effort of the person using the keypad which is probably too much to ask the 'average' user. It would also make life more difficult for blind users.

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
    1. Re:Scramble the keypad by Tomahawk · · Score: 1

      When I was in college (in the early 90s!!!) the keypad to get through the door to the computing labs out-of-hours would scramble like this. It always looked cool and was a good idea, but also a bad idea for the very reason you mentioned - several of the students were blind and then couldn't get through the door. Then ended up turning off the scrambling.

      I was back there a couple of years ago, and the same keypad was still in place (and the same codes still worked - great security!). And it still didn't scramble.

      If you add braille to the keys too (the relevant bumps could present themselves), then it would work for blind people. But I'm sure there will be others that will run into issues... maybe put a button to the side or a selection on the screen to set them in the normal order, but default them to scramble...

    2. Re:Scramble the keypad by Plus1Entropy · · Score: 1

      It would also make life more difficult for blind users.

      You could combine the idea with those new touchscreens that can change texture and create bumps at will, moving the braille along with the numbers.

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  14. Hey victim... by thegarbz · · Score: 1

    Excuse me sir. Can I trouble you to type these numbers into this keypad. There's quite a few combinations and I need you to do each 3 times. Why? Oh just calibrating accelleratometer in your smartwatch so I can identify all future numbers you type.

    I'm going to guess this hack never makes it out of a laboratory.

  15. it wuz haxx0rz! by Anonymous Coward · · Score: 0

    Welp, so much for academia. They're blaming bogeymen too.

  16. ATM's are unsafe anyway by zmooc · · Score: 4, Interesting

    Even without this technology, your fingers will leave a heat mark on the ATM keys long enough for a malicious person to take a picture of it with a thermal camera. Therefore, when I use an ATM machine, I always hold my fingers over a subset of keys to warm them up while waiting for the excruciatingly slow computer in the thing to do its job. That probably sufficiently masks the thermal print left by actually entering my PIN. Furthermore, I have developed a habit of pressing on the keypad frame as if pressing a key on the pad to fool lurkers. That would probably also protect against the smartwatch appraoch. It's rather easy to protect against such attacks, just introduce sufficient noise.

    Note that most ATM machines allow pressing random keys while they're not ready for input. You might also want to press random keys during that time.

    --
    0x or or snor perron?!
    1. Re:ATM's are unsafe anyway by daq+man · · Score: 1

      I was going to accuse you of being paranoid but then again, for all I know, they may still be out to get you...

    2. Re:ATM's are unsafe anyway by Plus1Entropy · · Score: 1

      Even without this technology, your fingers will leave a heat mark on the ATM keys long enough for a malicious person to take a picture of it with a thermal camera.

      Yeah, I've played Splinter Cell too.

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  17. watch motion studies by Anonymous Coward · · Score: 0

    Can't wait to get the results of their time/stroke to orgasm studies. Will be well replicated, too.

  18. planned ahead by 0311 · · Score: 1

    I always wear my watch on my non-pin-entering hand; furthermore, I recently got in the habit of simulating non-pin-entering hand mini seizures, just in case this sort of thing ever happened. Take that, stupid hackers!!

  19. SecOp-sy Dropsy by WorBlux · · Score: 1

    Put your smart watch on
    Take your smart watch off
    Put your smart watch on
    And shake it all about
    Do the SecOp-sy Dropsy And pass you're secrets around
    And that's what it's all about!!!

  20. what if I type with multiple fingers? by j2.718ff · · Score: 1

    When I type my wrist doesn't move very much. I mostly move my fingers, and use several of them to type. While I can see how a person using the hunt-and-peck method could be tracked with his watch, I think it'd be much more difficult to track what the rest of us type.

  21. Not that relavant? by Justt+Some+Guy · · Score: 1

    I am right-handed and wear my watch on my left wrist, which works well so I can keep writing while look up the time.

    Considering left-handedness is a minority and watches are becoming less common overall by the younger generation, this will affect less and less people as time goes by. I'm usually the "old-timer" in the room that even wears a watch and knows what the term "DOS prompt" even means.

    Also, since smartwatches seem to need a recharge every single night, I don't see why this is much of a concern by anybody no matter which wrist you wear a watch on. Perhaps in the future when they finally resolve the battery life issue, it might.

  22. Sure they can... by dragon-file · · Score: 1

    As long as your smart watch isn't a Gear S2. I swear this thing think I hit my daily walking goal when all i'm doing is sitting and reading a book. The other day it automatically switched to cycling while I was driving my car... at 72MPH. If I could cycle that fast I wouldn't need a car. If anyone tries to get my pin using my watch all they end up with is some weird data: He's not moving... now he just moved marginally downward... now he's accelerated left at 212 MPH..... now he's stopped.... now he's in the next county....

    --
    Whenever a player quits EVE to go play WoW, the Average IQ of both games increase.
  23. (1) don''t use a smart watch, and by RockDoctor · · Score: 1

    (2) alternate hands between typing digits. It's not difficult. Step (1) is probably best.

    --
    Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"