Your online accounts can be hacked in numerous ways, from brute force attacks to phishing scams. But if you wear a smartwatch, hackers could theoretically record anything you type by monitoring your hand movements, according to a study published yesterday.
Computer scientists at Binghamton University and New Jersey's Stevens Institute of Technology came up with an algorithm that can monitor accelerometers, gyroscopes, and magnetometers in wearable devices to guess a complete key entry sequence.
This isn't just about tracking what you might type on your smartwatch: the algorithm can be used to guess anything you type on any keyboard—from ATM keypads to the key combos you use while playing World of Warcraft—with astonishing accuracy. The researchers collected 5,000 key-entry traces collected from 20 adults for key-based security systems, either keypads or full keyboards, and their technique guessed the correct password 80 percent of the time with only one try, and more than 90 percent of the time with three tries.
The Best Smartwatches of 2016
"The threat is real, although the approach is sophisticated," Binghamton computer science professor Yan Wang told Phys.org. There are actually two approaches: one involves malware installed on a smartwatch, which monitors sensor data when the wearer is typing a PIN or password and sends the data back to the hacker.
The other involves placing a wireless "sniffer" close to the keypad or keyboard, which attempts to establish a Bluetooth connection to the smartwatch so it can access the sensor data.
The researchers claim that their technique is the first to reveal PINs using wearables, but similar methods have been used in the past to guess keypad entries. In 2014, security researcher Qinggang Yue used a camcorder to capture password-entry sequences from up to 44 meters away, achieving what he said was a 100 percent success rate in identifying the password. That vision-based method relied on programmed assumptions about the keyboard's layout, and Yue said it could be fooled if it couldn't recognize a particular layout.
No comments:
Post a Comment