Researchers have shown how easy it is for hackers to arrive at a fitness tracker or a smartwatch on passwords and even to get the account PIN.
Smartwatch/Smartphone and fitness tracker open passwords
New York (U.S.A.). The smartwatch or the fitness tracker should serve us as hard-working helpers in everyday life. But experts are now warning that the mini-computer on the wrist is more about us than we like. For hackers, it is, therefore, an easy, passwords and even bank -PINs from the tap movements. Already at the first attempt to restore a password, an algorithm would promise an 80 percent hit rate.
Nowadays more and more people rely on technical equipment such as smartwatches or fitness tracker.And for a good reason, because finally you promise a concentrated functionality: they are used not only as an alarm clock or for communication purposes. However, they are also to evaluate our sleep behavior. Hardly anybody speaks of the safety gaps that these devices have.
Passwords and account PINs are quickly cracked
Because the accelerometers and sensors with which these mini-computers are equipped promise not only technical benefits but can also be abused by hackers. The Stevens Institute of Technology recently published this terrifying news in his study “Friend or Foe? Your Wearable Devices Reveal Your Personal PIN”. In an experiment with 20 volunteers, Professor Yingying Chen found that hackers can use the help of Smartwatch and Co. to reproduce the movements of the hand and to copy passwords and pins.
Over a period of eleven months, the volunteers wore smartwatches and fitness trackers, where previously a software was installed that recorded the data inside the devices. This so-called snooping software was able to record the hand movements of the users in detail so that passwords and pins could be speed effortlessly.
In order to get access to the passwords and pins via the Smartwatch and fitness tracker, two methods are possible according to this study: on the one hand, hackers can gain access to the sensor data through the internal software. As soon as the user then makes PIN inputs. These movement data could be sent to the hacker, from which the latter could reconstruct the combination of numbers. On the other hand, a hacker attack would also be possible from the outside. For this purpose, for example, the placement of a wireless device at an ATM would be conceivable.
This device would then intercept the PIN by the SmartWatch sensor data if the Smartwatch is connected to the user’s mobile phone via Bluetooth.
Urgent more security needed
The researchers of the study, therefore, advise manufacturers of Smartwatches and Co. to close this security gap. For this purpose, it is already possible to underlay the sensor data with a kind of noise, in order to make scoring attacks unequal. The users of Smartwatches and Co. are encouraged to encrypt their data exchange with the mobile phone better.