Skip to main content

Here’s why you should not type in a PIN while wearing a wearable

Apple Watch Wrist
Giuseppe Costantino/Shutterstock
Smartwatches and wearables may be great for alerting you to get on your feet and exercise, but you may not want to wear them when inputting secure PINs, like the one you punch in at the ATM.

A new paper, titled “Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN,” shows that deciphering someone’s PIN isn’t that hard, though the paper doesn’t dive into the specific wearables that were used.

Recommended Videos

Written by researchers at the Stevens Institute of Technology and Binghamton University, the paper reveals that attackers can track the millimeter-level distances and directions of hand movements thanks to embedded sensors like accelerometers, gyroscopes, and magnetometers, in the wearable device. By tracking your exact movements, researchers were able to “derive the moving distance” of a person’s hand between key entries on key-based systems like a keyboard or ATM.

They successfully reverse-engineered the wearable’s sensors to track a person’s hand movements to see the PIN that was entered — that method is called the “Backward PIN-Sequence Inference algorithm.” The group tested more than 5,000 key-entry traces from 20 adults with different kinds of wearables. The technique provided an accuracy of 80 percent on one try, and that jumped to 90 percent with three tries.

Attackers can use this method in two ways — by installing malware directly onto the device, or by grabbing the data via the Bluetooth connection that bridges the wearable to the smartphone, according to Phys.org.

It all sounds awfully simple, but researchers do offer a solution to manufacturers and developers — insert some “noise data” to obscure the sensitive data. This solution sounds incredibly similar to differential privacy — a tool Apple is using in iOS 10 to make data-gathering more secure and anonymous. Google has also been using this technique in its Chrome browser for years.

We have reached out to the group to check which devices they tested with, but in the meantime, perhaps you should take off your wearable before you enter your secure PINs.

Updated on 07-07-2016 by Julian Chokkattu: Clarified that attackers use tracking data from the wearable to decipher PINs typed on physical key-based systems.

[amz_nsa_keyword keyword=”Portable VPN”]
Julian Chokkattu
Former Digital Trends Contributor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…
5G vs. LTE: What’s the difference and why you should care
OnePlus Nord N300 5G speed test.

By now, you’ve almost certainly heard of 5G, the latest chapter in the evolution of wireless technology. Chances are you already have a smartphone and plan that supports 5G; if you don’t, you probably will after your next upgrade.

Although 5G has now effectively reached the mainstream, you may still wonder what the big deal is and how it will improve your life over the 4G/LTE technologies that have been the standard for the past decade. Is it worth upgrading to a 5G phone? Do you need a 5G plan, and if so, what level of 5G service should you choose from among the different flavors?

Read more
Wear OS 5 is the future of Android smartwatches. Here’s what’s new
A person wearing the Google Pixel Watch 2.

With the Google I/O 2024 opening keynote having come and gone yesterday, showcasing Google’s various AI initiatives with Gemini AI and more, news about the Wear OS took second fiddle -- until now. After revealing that Wear OS grew its user base by 40% in 2023, Google has just announced Wear OS 5, along with a slew of new watch face updates and health-tracking features.

Here’s what’s new.
Wear OS 5

Read more
Worried about the TikTok ban? Here are 5 TikTok alternatives you should use
TikTok logo on an iPhone.

TikTok, everyone's favorite social media app for watching short-form videos in an easy-to-digest format, may be facing a ban in the U.S. That’s because President Joe Biden has signed a law that would ban TikTok unless ByteDance sells its stake in TikTok within 12 months.

While this won’t have immediate effects, you may be worried about the future of your short-form video entertainment. Are there any alternatives to TikTok out there? Actually, there are quite a few. Here are some of the best TikTok alternatives that you should consider trying — just in case the TikTok ban actually happens.
Snapchat

Read more