- Jun 9, 2013
- 6,720
Smart watch, dumb botch: sensor sensitivity equals insecurity say boffins
Chinese scientists have brewed a way to steal -- with 80 percent accuracy -- automatic teller machine PINs by infecting wearable devices.
Five university boffins demonstrated the trick in a laboratory, finding even the slight hand movements a person makes while entering PINs can be captured through infected smart watches.
The sniffed telemetry data could be later crunched by algorithms to reveal the correct PIN. Subsequent monitoring increases the PIN guessing accuracy to upwards of 90 percent.
Chen Wang of Birmingham University, together with Xiaonan Guo, Yan Wang, Yingying Chen, and Bo Liu of Stevens Institute of Technology, New Jersey, describe their work in the paper "Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN [paywalled].
They say they achieved the accuracy rating over 5,000 pin-entry tests on ATMs and other systems. Twenty subjects wore various wearable devices during the 11-month study in which hardware accelerometers, gyroscopes, and other standard smart device componentry allowed millimeter-accuracy in reading PINs.
"Wearable devices can be exploited," said Wang. "Attackers can reproduce the trajectories of the user's hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers."
An internally-developed backward PIN-sequence inference algorithm then turned the data into PINs with between 80 percent to 90 percent accuracy.
Full Article. Loose wrists shake chips: Your wrist-job could be a PIN-snitch
Chinese scientists have brewed a way to steal -- with 80 percent accuracy -- automatic teller machine PINs by infecting wearable devices.
Five university boffins demonstrated the trick in a laboratory, finding even the slight hand movements a person makes while entering PINs can be captured through infected smart watches.
The sniffed telemetry data could be later crunched by algorithms to reveal the correct PIN. Subsequent monitoring increases the PIN guessing accuracy to upwards of 90 percent.
Chen Wang of Birmingham University, together with Xiaonan Guo, Yan Wang, Yingying Chen, and Bo Liu of Stevens Institute of Technology, New Jersey, describe their work in the paper "Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN [paywalled].
They say they achieved the accuracy rating over 5,000 pin-entry tests on ATMs and other systems. Twenty subjects wore various wearable devices during the 11-month study in which hardware accelerometers, gyroscopes, and other standard smart device componentry allowed millimeter-accuracy in reading PINs.
"Wearable devices can be exploited," said Wang. "Attackers can reproduce the trajectories of the user's hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers."
An internally-developed backward PIN-sequence inference algorithm then turned the data into PINs with between 80 percent to 90 percent accuracy.
Full Article. Loose wrists shake chips: Your wrist-job could be a PIN-snitch