Researchers from Binghamton University in the US managed to find out that hackers can easily exploit smartwatches or any other fitness tracker devices to steal ATM/Credit Card PIN or passwords

How Hackers Can Steal Your ATM PIN From Your Smartwatch or Fitness Tracker

As we all know, online accounts can be hacked in numerous ways. But have you ever thought that Hackers can use your smartwatch to record everything that you write by monitoring your hand movements?

According to the recent studies, Researcher from Binghamton University in the US managed to find out that hackers can easily exploit smartwatches or any other fitness tracker. Their algorithm “Backward PIN-Sequence Inference” can capture anything a person type on any keyboard or Keypads with about 80% success on first attempt and 90% success with 3 tries

According to the sources, Researchers linked data from the embedded sensors in some wearable technologies like Smartwatches or any other fitness tracker along with the “Backward PIN-sequence Inference Algorithm” to crack private PIN and Passwords with high precision.

Yan Wang, a member of the research team said “Wearable devices can be exploited. Attackers can reproduce the trajectories of the user’s hand and recover secret key entries to ATM cash machines, electronic door locks, and keypad-controlled enterprise servers”

During the study, Researcher team tested 20 adults using various different wearable technologies over a period of 11 months and carried 5,000 key-entry tests on three key-based security system which also includes an ATM. During the period the team managed to record millimetre-level information of fine-grained hand movements from accelerometers, Gyroscopes and magnetometers sensors which are present inside the wearable technologies regardless of a hand’s pose.

Apart from this Yan Wang also said “There are two attacking scenarios that are achievable: internal and sniffing attacks. In an internal attack, attackers access embedded sensors in wrist-worn wearable devices through malware. The malware waits until the victim accesses a key-based security system and sends sensor data back. Then the attacker can aggregate the sensor data to determine the victim’s PIN. An attacker can also place a wireless sniffer close to a key-based security system to eavesdrop sensor data from wearable devices sent via Bluetooth to the victim’s associated smartphones.”

However, the researcher claims that their techniques are the first to reveal this type of potential security vulnerabilities. But, they do suggest developers to “inject a certain type of noise to data so it cannot be used to derive fine-grained hand movements, while still being effective for fitness tracking purposes such as activity recognition or step counts”