If you think it's amazing that your smartwatch can track how many steps you take in a day, think again. That same technology can also be used to steal your ATM PIN.
Computer scientists from New Jersey's Stevens Institute of Technology and New York's Binghamton University demonstrated how wearing a smartwatch or fitness tracker can detect hand movements in millimeter increments to record what you're typing.
The study says these recordings "enable attackers to reproduce the trajectories of the user's hand and further to recover the secret key entries."
Over 5,000 key entries from ATM keypads and QWERTY keyboards were recorded from 20 adults wearing different tracking devices. One recording attempt saw 80% accuracy, which rose to 90% after three tries.
Joe Jarzombek, former Director for Software Assurance at the U.S. Department of Human Services, gives two criteria for products' security certification. He explains that "once you deploy them... they should be patchable. And given that these cyber products will continue to release new versions, he asks "how do you control new releases?".
In a Binghamton University press release, computer scientist Yan Wang, one of five co-authors of the study, says, "the threat is real, although the approach is sophisticated."
While no solution was proposed, the study does suggest that companies "inject a certain type of noise to data so it cannot be used to derive fine-grained hand movements, while still being effective for fitness tracking purposes such as activity recognition or step counts."