Binghamton university, in the United States and Stevens institute of technology, the researchers found that wearable device can be used to steal the user’s multiple passwords.
Researchers at the university of the two published titled “friend or foe? Wearable equipment exposed your personal identification number of the paper. They collected from wearable device. It includes smart watches
and bracelet in the embedded sensor data and using computer algorithms to crack a personal identification number and password. Try to break the success rate of 80% for the first time, and the success rate of more
than 90% after three attempts.
Binghamton university, school of engineering and applied science, an assistant professor of computer science Wang Yan, Yan Wang, sound), said: “wearable device can be breached. The attacker can restore the user hand trajectory, then gain access to an ATM machine, electronic entrance guard, and use the keyboard control enterprise server password.”
The study of other participants include Wang Chen, Guo Xiaonan, Liu Bo, and Chen, head of Yingying from Stevens institute of technology. The team associated with mobile devices in information security and privacy
protection in the project cooperation.When the Swiss art master abro (EPOS) – Emotion emotional series Roman holiday – white version
All watch price is USD 5770
A real threat, but methods can be complex
Wang yan said: “the real threat, but methods can be complex. There are two types of attack methods can realize: internal attack and sniffing attack.”
“In the internal attack, the attacker by malicious software to access the wrist wearable devices embedded sensors. Malicious software for users to access security system based on password, and send back the sensor
data. Then, an attacker can use the sensor data to detect the victim’s personal identification number.””The attacker can also put wireless sniffer devices in information security system based on password, near to
steal wearable device sensor data that are sent to the associated smartphones.”
The researchers based on three kinds of information security system, including ATM, in 11 months by 20 adult users, using a variety of wearable devices tested 5000 times the password input.By using the accelerometer and gyroscope in wearable devices and magnetometer data, the research team successfully recorded the movement information of millimeter, and whether users hands in what position. Then, using the interference to the personal identification number sequence algorithm after “, “the researchers to restore the key data accurately.
The research team feedback this is the first use of wearable devices for personal identification number, do not need any environment of information technology at the same time.The study helps to understand the outside world, wearable devices will bring what kind of information security risk. Currently, the size of the wearable devices and computational ability to also cannot assure powerful security measures, it also leads to data security more vulnerable.
In the current study, the team did not solve problems. But they said that the developer can ask people to join the “noise” in the data, make hackers cannot hand movement information extracted from the data, but
still can effectively track the movement.