Motion data that your wearable collects from accelerometers, gyroscopes, and magnetometers could be used to break into your bank account or any other keypad lock, according to a paper co-authored by the Stevens Institute of Technology and the Thomas J. Watson School of Engineering and Applied Science at Binghamton University.
Researchers were able to develop an algorithm that uses the motion data to create the exact pattern of a PIN or passcode with impressive accuracy. According to the paper, the algorithm guessed the PIN in one attempt 80 percent of the time, and that went up to 90 percent after three attempts.
That is worrying, though for ATM transactions and keycard doors you typically need the card as well as the passcode to gain access. That may be too many processes for most hackers.
Two ways you reveal your PIN
In the paper, Yan Wang, an assistant professor at Binghamton University, laid out two ways to steal the motion data stored on the wearable:
- Infiltrate the wearable sensors using malware, possibly through a corrupt update sent via email.
- Intercept data sent via Bluetooth from the wearable to the smartphone, using a wireless sniffer.
If someone goes through all of the steps (and then creates a forged card) to gain entry into a building or account, you are probably a valuable person.
There are plenty of security firms that build programs to defend valuable targets and plenty of hackers that attempt to circumvent these programs to offload a huge amount of money or information, so revealing this information is worthwhile to a small sub-section of wearable owners.
Even if hackers are incapable of pulling off an entire attack, we could see hackers use ransomware—one of the fastest growing cyber attacks—to snatch some money from wearable owners. If a hacker told you your PIN, I’m sure a few would comply instead of gambling on the hacker not stealing your savings.