Wearable Devices Could Allow Hackers to Steal Your Personal PIN
Hackers continue to come up with ways to steal our protected information.
According to new research from the Stevens Institute of Technology, hackers can determine ATM PINs with amazing accuracy with motion detecting software on a smartwatch or fitness tracker. The university study showed that 80% of ATM PINs could be predicted with just one try, and 90% could be predicted after three attempts.
The researchers used a test group of 20 people to enter 5,000 different PINs on a combination of machine-mounted ATM keypads, detachable ATM keypads, and QWERTY keyboards. Since wearable devices are equipped with embedded sensors, researchers could figure out a person’s PIN based on the way the wearable device moved during the entry, from the positioning of the watch in relation to the keypad and the speed at which each motion was conducted.
The scientists worked backwards, identifying a time when a person hit “Enter” and then tracking numbers that preceded that motion. They used the existing motion sensors on the wristbands to monitor hand movements by the millimeter.
The authors of the study said, “Our findings are an early and significant step to understand the possible security vulnerabilities of a wearable device’s embedded sensors.”
They believe countermeasures can be taken to prevent hacks from happening in the future, such as adding “noise” to the data to make it less susceptible to precise detection, or encrypting the data recorded by the wearable devices.