
Here’s why you should not type in a PIN while wearing a wearable

Smartwatches and wearables may be great for alerting you to get on your feet and exercise, but you may not want to wear them when inputting secure PINs, like the one you punch in at the ATM.

A new paper, titled “Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN,” shows that deciphering someone’s PIN isn’t that hard, though the paper doesn’t dive into the specific wearables that were used.


Written by researchers at the Stevens Institute of Technology and Binghamton University, the paper reveals that attackers can track the millimeter-level distances and directions of hand movements using sensors embedded in the wearable device, such as accelerometers, gyroscopes, and magnetometers. By tracking your exact movements, researchers were able to “derive the moving distance” of a person’s hand between key entries on key-based systems like a keyboard or ATM.

They successfully reverse-engineered the wearable’s sensors to track a person’s hand movements to see the PIN that was entered — that method is called the “Backward PIN-Sequence Inference algorithm.” The group tested more than 5,000 key-entry traces from 20 adults with different kinds of wearables. The technique provided an accuracy of 80 percent on one try, and that jumped to 90 percent with three tries.

Attackers can use this method in two ways — by installing malware directly onto the device, or by grabbing the data via the Bluetooth connection that bridges the wearable to the smartphone, according to Phys.org.

It all sounds awfully simple, but researchers do offer a solution to manufacturers and developers — insert some “noise data” to obscure the sensitive data. This solution sounds incredibly similar to differential privacy — a tool Apple is using in iOS 10 to make data-gathering more secure and anonymous. Google has also been using this technique in its Chrome browser for years.
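To see how much “noise data” the suggested mitigation would need, the following added example (not code from the paper or from any wearable vendor) measures how injected noise degrades a distance estimate obtained by integrating accelerometer samples. The 19 mm key pitch, 0.3 s movement, 100 Hz sampling rate, Gaussian noise model and the synthetic trace are all assumptions constructed for illustration.

```python
import math
import random

# Constructed parameters (assumptions, not taken from the paper)
KEY_PITCH_M = 0.019   # distance between adjacent keypad keys
MOVE_TIME_S = 0.3     # duration of one key-to-key hand movement
RATE_HZ = 100         # sensor sampling rate
DT = 1.0 / RATE_HZ


def synthetic_move(distance=KEY_PITCH_M, duration=MOVE_TIME_S):
    """Constructed acceleration trace (m/s^2): start at rest, end at rest."""
    n = round(duration * RATE_HZ)
    peak = 2 * math.pi * distance / duration ** 2
    return [peak * math.sin(2 * math.pi * k / n) for k in range(n + 1)]


def estimate_distance(accel, dt=DT):
    """Double trapezoidal integration: acceleration -> velocity -> distance."""
    velocity, position = 0.0, 0.0
    for prev, cur in zip(accel, accel[1:]):
        new_velocity = velocity + 0.5 * (prev + cur) * dt
        position += 0.5 * (velocity + new_velocity) * dt
        velocity = new_velocity
    return position


def add_noise(accel, sigma, rng):
    """Mitigation under test: add zero-mean Gaussian noise to each sample."""
    return [a + rng.gauss(0.0, sigma) for a in accel]


def mean_error(sigma, trials=200, seed=1):
    """Mean absolute distance error (m) when reading noise-injected data."""
    rng = random.Random(seed)
    clean = synthetic_move()
    errors = [abs(estimate_distance(add_noise(clean, sigma, rng)) - KEY_PITCH_M)
              for _ in range(trials)]
    return sum(errors) / trials


if __name__ == "__main__":
    clean_err = abs(estimate_distance(synthetic_move()) - KEY_PITCH_M)
    print(f"no noise: {clean_err * 1000:.2f} mm error")
    for sigma in (0.2, 1.0, 2.0):
        print(f"sigma={sigma} m/s^2: {mean_error(sigma) * 1000:.1f} mm mean error")
```

In this model the distance error only approaches the key pitch once the injected noise is comparable to the movement's own acceleration, which is the level at which adjacent keys stop being separable by distance alone.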

We have reached out to the group to check which devices they tested with, but in the meantime, perhaps you should take off your wearable before you enter your secure PINs.

Updated on 07-07-2016 by Julian Chokkattu: Clarified that attackers use tracking data from the wearable to decipher PINs typed on physical key-based systems.


Julian Chokkattu
Former Digital Trends Contributor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…