Information gathered by your wearables is more sensitive than you think

Original press release was issued by the Stevens Insititute of Technology.

The segment of wearable technology is booming, but if you’re actively using a smart watch, you are producing more data than you are probably aware of. Data that hackers find very attractive.

When we say that wearables are booming, it is not an overstatement. It is reportedly already producing an estimated $14 billion in sales worldwide – and is expected to to more than double within the next four years. But researchers from Stevens Institute of Technology have revealed that these gizmos are capable of continually recording a lot of sensitive information based on the motion of your hands. And that includes PIN codes, which hackers could guess with more than 90% accuracy.

“It may be easier than we think for criminals to obtain secret information from our wearables by using the right techniques,” said the research team leader, electrical and computer engineering processor Yingying Chen.

The Stevens team outfitted 20 volunteers with an array of fitness wristbands and smart watches, then asked them to make some 5,000 sample PIN entries on keypads or laptop keyboards while “sniffing” the packets of Bluetooth low energy (BLE) data transmitted by sensors in those devices to paired smartphones. After capturing accelerometer, gyroscope and magnetometer data from the devices and using it to calculate typical distances between and directions of consecutive key entries, Chen’s team developed a backward-inference algorithm to predict four-digit PIN codes.
While some devices proved more secure than others, the algorithm’s first guess succeeded an astonishing 80 percent of the time, on average. Within five tries, its accuracy climbed to 99 percent on some devices.
“Further research is needed, and we are also working on countermeasures,” concludes Chen, adding that wearables are not easily hackable — but they are hackable.