Friday, July 8, 2016

Study: How Your Smartwatch Gives Away Your ATM Pin

With the sudden popularity of wearable devices, researchers from Binghamton University and the Stevens Institute of Technology have warned consumers that these devices can give away valuable information such as ATM PINs.

"Wearable devices can be exploited," said Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University and co-author of the study, in a statement. "Attackers can reproduce the trajectories of the user's hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers."

According to a paper published in the proceedings of the Association for Computing Machinery, attackers can exploit wearable devices, such as smartwatches and fitness trackers, in two ways. Both techniques use the embedded sensors in wearable technologies along with a computer algorithm to predict private PINs and passwords with 80 percent accuracy on the first try and more than 90 percent accuracy after three tries.

In the first technique, called an internal attack, the attackers use malware to access the embedded sensors in wrist-worn devices. When the victim accesses a key-based security system, the malware sends the sensor data back to the attacker, where it can be aggregated to determine the victim's PIN.

The second technique, sniffing, requires a sniffer to be placed near the key-based security system. The sniffer then captures the sensor data that the wearable device sends via Bluetooth to the victim's associated smartphone.

To test the two methods, the researchers conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a variety of technologies over 11 months. The researchers were able to trace millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand's pose. Using the "Backward PIN-sequence Inference Algorithm," the researchers used distance and direction estimations between consecutive keystrokes from the measurements to crack PIN codes with superb accuracy even without context clues about the keypad.

Their findings clearly showed that the size and power of wearable devices do not allow robust security measures. However, the researchers recommended adding a certain type of noise to the data to keep the sensors in wearable devices from measuring fine-grained hand movements.
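
The noise recommendation can be checked against a simple model. The following is an added example, not code from the study or from this post: it double-integrates a constructed accelerometer trace into a distance and measures how injected noise degrades that estimate. The 100 Hz sample rate, the movement profile and the use of Gaussian noise are assumptions, since the article does not say which type of noise the researchers propose.

```python
import math
import random

DT = 0.01            # sample period in seconds (assumed 100 Hz sensor)
MOVE_TIME = 0.4      # duration of one key-to-key hand movement (constructed)
TRUE_DIST = 0.038    # metres travelled between two keys (constructed)


def constructed_movement():
    """Acceleration samples for a smooth start-stop movement of TRUE_DIST."""
    n = round(MOVE_TIME / DT)
    peak = 2 * math.pi * TRUE_DIST / MOVE_TIME ** 2
    return [peak * math.sin(2 * math.pi * (i + 0.5) / n) for i in range(n)]


def add_noise(samples, sigma, rng):
    """Mitigation under test: perturb each sample before any app can read it."""
    return [a + rng.gauss(0.0, sigma) for a in samples]


def estimate_distance(samples):
    """Double-integrate acceleration to displacement (what the noise must defeat)."""
    velocity = position = 0.0
    for a in samples:
        velocity += a * DT
        position += velocity * DT
    return position


def mean_abs_error(sigma, trials=500, seed=1):
    """Average distance error, in metres, over repeated noisy readings."""
    rng = random.Random(seed)
    clean = constructed_movement()
    errors = [abs(estimate_distance(add_noise(clean, sigma, rng)) - TRUE_DIST)
              for _ in range(trials)]
    return sum(errors) / trials


if __name__ == "__main__":
    for sigma in (0.0, 0.05, 0.5, 2.0):
        print(f"sigma={sigma:4.2f} m/s^2 -> mean error {mean_abs_error(sigma) * 1000:6.2f} mm")
```

In this model, noise of 0.05 m/s² leaves the distance error below a millimeter, while 2 m/s² pushes it past a centimeter. Zero-mean noise averages out across repeated observations, so a single-trace figure like this overstates the protection against someone who sees many PIN entries.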


Regards

Pralhad Jadhav
Senior Manager @ Library
Khaitan & Co


Best Paper Award | Received the Best Paper Award at TIFR-BOSLA National Conference on Future Librarianship: Innovation for Excellence (NCFL 2016) on April 23, 2016.  The title of the paper is “Removing Barriers to Literacy: Marrakesh VIP Treaty”
Note | If anybody uses these posts for forwarding in any social media coverage or covering in the Newsletter, please give due credit to those who are taking efforts for the same.
