Spectrum: By combining smart watch sensor data with an algorithm to infer key entry sequences from even the smallest of hand movements, the team was able to crack private ATM PINs with 80 percent accuracy on the first try and more than 90 percent accuracy after three tries. By Megan Scudellari
'“I have to admit, at the beginning, I thought this would be science fiction,” says Wang. “But it can actually be done. There are just so many sensors on these wearable devices. It provides sufficient information of your hand movements.”
'There has long been concern over the security of smart watches, fitness trackers, and other internet-connected wearables that gather sensitive information, such as what time of day a user leaves their home. To infer user inputs on keyboards, past cyber security studies have used cameras to observe how a hand moves over a keypad or machine-based learning techniques to train a program to detect user movements.
'Now, spying on a PIN just got way easier, thanks to sensors that measure acceleration, orientation and direction in our wrist devices. Led by Chen Wang and Yingying Chen at the Stevens Institute of Technology in Hoboken, New Jersey, the researchers conducted 5,000 key-entry tests on three different keypads—a detachable ATM pad, a keypad on ATM machine, and a QWERTY keyboard. Twenty adults performed the tests wearing one of three different devices: the LG W150 or Moto360 smart watches or the Invensense MPU-9150, a nine-axis motion tracking device.'
"Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN" by Chen Wang, Xiaonan Guo, Yan Wang, Yingying Chen, and Bo Liu here