Your Smartwatch Could Be your Biggest Security Threat

Your Smartwatch Could Be Your Biggest Security Threat

  • By Sydny Shepard
  • Jan 15, 2016

Smartwatches are marketed as tools of convenience for improving everyday activities like shopping and fitness. The wristband technology allows the watch to record your daily movements, monitor your heart beat and can even recognize when you lift your arm to look at the time.

A student at the University of Copenhagen, Denmark has discovered another use for the wearable tech: stealing ATM pin codes and passwords from unsuspecting users.

In Troy Beltrameli’s thesis, titled “Deep-Spying: Spying Using Smartwatch and Deep Learning,” shows a hole in security that’s as clever as it is frightening. The student was able to create an app to capitalize on this gap.

Beltramelli built an app that records the movement data of the Sony Smartwatch 3 and then was able to sift through the data with an algorithm to find important inputs, gaining the ability to unlock a pin-protected phone or use an ATM’s keypad.

This ingenious hack does, however, have its limitations. Users can protect their ATM pin code by pressing it in with the hand that is not wearing the smartwatch. Also, the data needs to be collected by someone in close proximity to the smartwatch. For the student’s test, the data was transferred to a nearby Bluetooth device and then moved onto a server.

The last, and the most important, limitation is that the user has to willingly install the app that records this movement data. This is somewhat easy to overcome by burying such a function in an otherwise legitimate-looking  app.

Despite these limitations, this hack raises the question of how safe these smartwatches are. Recording movement data from the accelerometer and gyroscope is an invasion of privacy beyond the normal cybersecurity risks that people are used to.

The most troubling part about this is if a student could find this cyber security flaw, other less-wholesome types are probably making similar breakthroughs and aren’t publishing their findings in their thesis.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3