Your Wearable Devices Reveal Your Personal PIN

Wearable devices can give away your passwords, according to new research. In the paper "Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN" scientists from Binghamton University and the Stevens Institute of Technology combined data from embedded sensors in wearable technologies, such as smartwatches and fitness trackers, along with a computer algorithm to crack private PINs and passwords with 80-percent accuracy on the first try and more than 90-percent accuracy after three tries.

Yan Wang, assistant professor of computer science within the Thomas J. Watson School of Engineering and Applied Science at Binghamton University, is a co-author of the study along with Chen Wang, Xiaonan Guo, Bo Liu and lead researcher Yingying Chen from the Stevens Institute of Technology. The group is collaborating on this and other mobile device-related security and privacy projects.

"Wearable devices can be exploited," said Wang. "Attackers can reproduce the trajectories of the user's hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers."

Researchers conducted 5,000 key-entry tests on three key-based security systems, including an ATM, with 20 adults wearing a variety of technologies over 11 months. The team was able to record millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand's pose. Those measurements lead to distance and direction estimations between consecutive keystrokes, which the team's "Backward PIN-sequence Inference Algorithm" used to break codes with alarming accuracy without context clues about the keypad.

According to the research team, this is the first technique that reveals personal PINs by exploiting information from wearable devices without the need for contextual information.

"The threat is real, although the approach is sophisticated," Wang added. "There are two attacking scenarios that are achievable: internal and sniffing attacks. In an internal attack, attackers access embedded sensors in wrist-worn wearable devices through malware. The malware waits until the victim accesses a key-based security system and sends sensor data back. Then the attacker can aggregate the sensor data to determine the victim's PIN. An attacker can also place a wireless sniffer close to a key-based security system to eavesdrop sensor data from wearable devices sent via Bluetooth to the victim's associated smartphones."

The findings are an early step in understanding security vulnerabilities of wearable devices. Even though wearable devices track health and medical activities, their size and computing power don't allow for robust security measures, which makes the data within more vulnerable to attack.

The team did not have a solution for the problem in the current research, but did suggest that developers "inject a certain type of noise to data so it cannot be used to derive fine-grained hand movements, while still being effective for fitness tracking purposes such as activity recognition or step counts."

The team also suggests better encryption between the wearable device and the host operating system.
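The noise-injection suggestion above can be checked on simulated data. The following is an added illustration, not code from the paper or its authors: it assumes zero-mean Gaussian noise, a 100 Hz accelerometer, a 19 mm key spacing, and constructed one-axis hand and walking traces, and compares how the noise affects a double-integrated key-to-key distance versus a low-pass step counter.

```python
import math
import random

DT = 0.01  # assumed 100 Hz sample rate

def keystroke_accel(distance_m=0.019, duration_s=0.3):
    """Constructed 1-D hand movement between two keys (starts and ends at rest)."""
    n = round(duration_s / DT)
    amp = 2 * math.pi * distance_m / duration_s ** 2
    return [amp * math.sin(2 * math.pi * k / n) for k in range(n)]

def walking_accel(seconds=10.0, step_hz=2.0, amp=3.0):
    """Constructed walking trace: one acceleration peak per step."""
    return [amp * math.sin(2 * math.pi * step_hz * k * DT)
            for k in range(round(seconds / DT))]

def add_noise(samples, sigma, rng):
    """Mitigation under test: zero-mean Gaussian noise on every sample."""
    return [s + rng.gauss(0.0, sigma) for s in samples]

def displacement(samples):
    """Double-integrate acceleration into travelled distance (metres)."""
    v = x = 0.0
    for a in samples:
        v += a * DT
        x += v * DT
    return x

def count_steps(samples, window=15, hi=1.0, lo=-1.0):
    """Moving-average low-pass, then count peaks with hysteresis."""
    steps, armed = 0, True
    for i in range(window - 1, len(samples)):
        avg = sum(samples[i - window + 1:i + 1]) / window
        if armed and avg > hi:
            steps, armed = steps + 1, False
        elif avg < lo:
            armed = True
    return steps

def rms_distance_error_mm(sigma, trials=200, seed=1):
    """RMS error of the recovered key-to-key distance, in millimetres."""
    rng = random.Random(seed)
    clean = keystroke_accel()
    truth = displacement(clean)
    sq = sum((displacement(add_noise(clean, sigma, rng)) - truth) ** 2
             for _ in range(trials))
    return 1000 * math.sqrt(sq / trials)

if __name__ == "__main__":
    print(rms_distance_error_mm(1.0), count_steps(walking_accel()))
```

With these constructed parameters the step count is unchanged by noise of 1 m/s², while the recovered key-to-key distance is off by roughly a centimetre on average instead of a fraction of a millimetre.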

Chen Wang, Xiaonan Guo, Yan Wang, Yingying Chen, and Bo Liu. 2016. Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (ASIA CCS '16). ACM, New York, NY, USA, 189-200. DOI: http://dx.doi.org/10.1145/2897845.2897847

The paper was published in the proceedings of the 11th annual Association for Computing Machinery Asia Conference on Computer and Communications Security (ASIACCS), held in Xi'an, China, on May 30-June 3, where it received the "Best Paper Award."

The research was funded, in part, by a grant from the National Science Foundation and the United States Army Research Office.
