Compromised smartwatches can glean your PIN code

Some institutions, like schools, have banned the use of smartwatches because of their ability to spy and cheat but there might be a worse scenario that involves these wearable devices (unless you’re like Hermione who thinks expulsion is a fate worse than death). According to researcher Tony Beltramelli, a smartwatch’s motion sensors can be used together with a Deep Learning program in order to interpret the wearer’s hand movements when entering a PIN on a 12-digit keypad, whether it be a physical one like an ATM or a virtual one on a phone or tablet.

Compromised smartwatches can glean your PIN code

In theory, it sounds simple and even probably scary. A smartwatch, of course, has a couple of sensors that detect movement. An app installed on the smartwatch could detect these movements and send that sensor data to, say, a nearby smartphone connected via Bluetooth. The smartphone can then process this data, or relay it to a computer, and, using deep learning algorithms, interpret those movements into key presses. Beltramelli says that there is a 73% accuracy for logging movements on a touchscreen and a significantly lower 59% for keypad logging. It’s not perfect but still too close for comfort.

In practice, however, it’s far from a horrific scenario. For one, it’s not entirely accurate, but deep learning can, well, learn better. Not all people enter numbers with the same hand that wears their smartwatch, which could be a good thing to keep in mind should this hack become more sophisticated.

But most importantly, the “vulnerability” requires several pieces to be in place for it to work. For one, there needs to be an app installed on the smartwatch for it to even start. That may or may not be a problem, depending on how smartwatch apps become prevalent to the point that users will haphazardly install them like they do smartphone apps. And since not all smartwatches have 3G or even Wi-Fi connectivity, the app needs to send its data payload through Bluetooth, which means that the perpetrator would need to be within range.

None of these limitations will last forever, however. There might come a time when smartwatches truly become ubiquitous and sundry. When that day comes, they will be as much a target as smartphones are today.


Share on FacebookPin on PinterestTweet about this on TwitterShare on LinkedIn