In their first attempt, the researchers were able to crack PINs and passwords with 80 percent accuracy and more than 90 percent accuracy after three tries. The procedure was carried out using two smartwatches and a nine-axis motion tracking device.
The team’s research paper explains further:
In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, which enable attackers to reproduce the trajectories of the user’s hand and further to recover the secret key entries.
The research was carried out using LG W150 and Moto360 smartwatches. It was realized that embedded sensors in wearables can employed to track user’s hand movements during key entries:
In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user’s hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence.
Users were concerned about the possible breach of security after the research was concluded. It is believed that this should encourage wearable manufacturers to make devices more secure by including sound data encryption.
Post a Comment