Hackers Can Use Smart Watch Movements To Reveal A Wearer's ATM PIN (ieee.org)
the_newsbeagle writes: By gaining access to the sensors in someone's smart watch, hackers could track the person's hand movements at an ATM and figure out his/her PIN. The hacker needn't be anywhere near the ATM; data can be lifted from the smart watch by either a discreet wireless sniffer or by malware on the watch that sends info to a server. This is hardly the first demonstration of the security flaws in smart watches. Last year, a research group showed that a watch's sensors can reveal keystrokes on a computer keyboard. The team of researchers, led by Chen Wang and Yingying Chen at the Stevens Institute of Technology in Hoboken, New Jersey, were able to record movements down to the millimeter and crack private ATM PINs with 80 percent accuracy on the first try. To eliminate the security breach, manufacturers could better secure the data stored in their wearables, and/or add noise so one's physical hand movements cannot be as easily translated. Of course, consumers could simply wear their smart watch on their non-dominant hand.
I can't speak for everyone, but I think almost everyone wears their watch on their non-dominant hand?
University professors are under constant pressure to come up with something interesting to show they are a world class expert in their field. And grad students who do most of the grunt work are under pressure to prove themselves as well. So this is yet another impractical technique. No hacker is going to bother with something this hard to make work. Maybe a nation state hacking team might, but probably not.
Much simpler to install a hidden camera or a direct electrical monitor on the button presses from the keypad itself. Also, look at it this way. On that bitcoin bazaar, Evolution I think it was called, people's PIN numbers were about 10 bucks each. Not worth this kind of hassle. This tells me there is far more stolen information readily available than there are crooks to use that information to make fraudulent purchases and cash withdrawals with.
Which makes sense - there are probably still many, many ways to gain access to a database of credit card numbers, or places to set up a skimmer. The actual task of writing the number to a fake credit card and then using it somewhere in person is a far riskier task and one far more likely to result in one's eventual arrest and imprisonment...