In recent research, scientists revealed that they were able to use sensor data from wearable devices, such as smartwatches and fitness trackers, to hack into private PINs, achieving almost 90% accuracy. The researchers, from Stevens Institute of Technology and Binghamton University, developed a computer algorithm that could hack into passwords with 80% accuracy on the first try; after three tries, the accuracy increased to a staggering 90%.
"Wearable devices can be exploited. Attackers can reproduce the trajectories of the user's hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers," said Yan Wang, assistant professor at Binghamton University in the US.
In their paper, the researchers described how they used the minute data captured by the sensors in these wearable devices and, with the help of a computer algorithm, cracked a security password and a PIN with almost 90% accuracy.
"In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user's fine-grained hand movements, which enable attackers to reproduce the trajectories of the user's hand and further to recover the secret key entries. In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user's hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence," Yan Wang said.
Previous research has already highlighted how fitness trackers are failing to secure users' data, suggesting that these weaknesses can be exploited by hackers to break into secure systems.