ATM PINs and passwords are put at risk by data collected by smartwatches and fitness trackers.
(CCM) — Criminals could make malware that extracts passwords and PINs from data collected by smartwatches and other wearable devices, according to new research published by scientists at Binghamton University and Stevens Institute of Technology. The scientists have developed software called "Backward PIN Sequence Inference Algorithm" that uses data from the accelerometers and other sensors built in to watches and fitness trackers to work out the PINs and passwords that a user has entered. The research says the algorithm works for PINs with a 90% success rate and for passwords with an 80% success rate on the first attempt and a 90% success rate after three attempts. It relies on the data to build up a picture of the hand movements that occurred when a user entered a PIN or password on a keypad or keyboard. With that information, it can work out the sequence of keys that a user must have pressed.
Criminals could use this capability to steal PINs and passwords by placing malware on a user's wearable device that forwards movement data to them to process. Alternatively, criminals could capture the data from a wearable device by intercepting it as it is transmitted to the user's smartphone over a Bluetooth connection.
Photo: © iStock.