Skip to main content
  1. Home
  2. Wearables
  3. News

Here’s why you should not type in a PIN while wearing a wearable

By

Apple Watch Wrist
Giuseppe Costantino/Shutterstock
Smartwatches and wearables may be great for alerting you to get on your feet and exercise, but you may not want to wear them when inputting secure PINs, like the one you punch in at the ATM.

A new paper, titled “Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN,” shows that deciphering someone’s PIN isn’t that hard, though the paper doesn’t dive into the specific wearables that were used.

Recommended Videos

Written by researchers at the Stevens Institute of Technology and Binghamton University, the paper reveals that attackers can track the millimeter-level distances and directions of hand movements thanks to embedded sensors like accelerometers, gyroscopes, and magnetometers, in the wearable device. By tracking your exact movements, researchers were able to “derive the moving distance” of a person’s hand between key entries on key-based systems like a keyboard or ATM.

Related

They successfully reverse-engineered the wearable’s sensors to track a person’s hand movements to see the PIN that was entered — that method is called the “Backward PIN-Sequence Inference algorithm.” The group tested more than 5,000 key-entry traces from 20 adults with different kinds of wearables. The technique provided an accuracy of 80 percent on one try, and that jumped to 90 percent with three tries.

Attackers can use this method in two ways — by installing malware directly onto the device, or by grabbing the data via the Bluetooth connection that bridges the wearable to the smartphone, according to Phys.org.

It all sounds awfully simple, but researchers do offer a solution to manufacturers and developers — insert some “noise data” to obscure the sensitive data. This solution sounds incredibly similar to differential privacy — a tool Apple is using in iOS 10 to make data-gathering more secure and anonymous. Google has also been using this technique in its Chrome browser for years.

We have reached out to the group to check which devices they tested with, but in the meantime, perhaps you should take off your wearable before you enter your secure PINs.

Updated on 07-07-2016 by Julian Chokkattu: Clarified that attackers use tracking data from the wearable to decipher PINs typed on physical key-based systems.

[amz_nsa_keyword keyword=”Portable VPN”]

Editors' Recommendations

Topics
Julian Chokkattu
Julian Chokkattu
Former Digital Trends Contributor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…
I have the OnePlus 12. Here’s why you should be excited about it
OnePlus 12 in Flowy Emerald held in hand in sunlight.

OnePlus launched the OnePlus 12 in China on December 5, 2023. On January 23, OnePlus will launch the OnePlus 12 and the lower-priced OnePlus 12R globally, including in the U.S. And it's time to start getting excited about that.

OnePlus has established itself as one of the bigger names in the smartphone world, and 2023 was an especially promising year for the company. Last year’s OnePlus 11 was a solid choice, and the OnePlus Open —the brand’s first foldable — was one of the best folding phones I've ever tried.

Read more
These are the 5 smartwatches you should look forward to in 2024
An Apple Watch, Galaxy Watch 5, and Garmin Forerunner 265 lying on a desk next to each other.

The new year is here, and that means a lot of tech to look forward to in the coming months, especially with wearables like smartwatches. And there’s going to be an exciting slate of smartwatches to come, which will pair especially well with the most anticipated smartphones of 2024.

So, what’s coming? Here are 5 smartwatches coming out in 2024 that you need to pay close attention to.
Samsung Galaxy Watch 7
Samsung Galaxy Watch 6 (left) and Galaxy Watch 6 Classic (right) Andrew Martonik / Digital Trends

Read more
The app for your Garmin wearable is getting a huge overhaul
Garmin Forerunner 265 next to an iPhone running the Garmin Connect app.

Garmin is going into 2024 and CES with a "new year, new me" approach, and that is made evident by a huge redesign for its Garmin Connect app. The new interface will deliver a simplified experience, and device wearers will be encouraged to pick out the specific elements they want on their Connect homepage.

Garmin Connect is the bridge between your Garmin smartwatch or fitness tracker and your smartphone. While your wearable can keep you up to date with your latest stats and activities, you want the larger screen of your smartphone to really dive deeper into analysis.

Read more