How your smartwatch could give your credit card PIN away

apple watch

They’re the latest must-have in the world of wearable devices, but they don’t come without flaws – cybercriminals are eyeing up smartwatches as the next devices to attack.

Keeping in mind that the majority of smartwatches currently on the market are carrying some sort of vulnerability (even the popular Apple Watch has been highlighted as potentially worrying for user privacy), the growth in sales of these devices is music to cybercriminals’ ears.

Your credit card PIN at risk

A vulnerability recently discovered by a student at the University of Copenhagen has set alarms bells ringing. Tony Beltramelli used his thesis to show that a smartwatch is all that is needed for a cybercriminal to discover your credit card’s PIN.

We are all aware of the amount of malicious apps that are available for smartphones, however these new wearable gadgets are also the focus of cybercriminals looking to trick unwitting users with applications designed to steal sensitive information.

Beltramelli, who carried out the test on a Sony SmartWatch 3, managed to extract data from the device’s gyroscope and heart-rate monitor by using one of these malicious apps, and later sent the stolen information to a server.

Just as the student did, a cyberattacker could access the information of these sensors and analyze them until they get something truly valuable – with an accuracy of 73%, the gyroscope and the heart rate monitor can tell us which buttons the user has pressed on a typical ATM keyboard using the hand which the smartwatch is worn on.

On larger keypads, the accuracy is different – the system created by Beltramelli is capable of guessing a PIN in 19% of cases. “This means that an attacker has a wide range of devices available”, explains the student.

This make the sensors a double-edged sword, as not only do they make the watch more useful and appealing, but they could end up costing the owner more than they bargained for.

smartwatch

Beyond following typical security recommendations such as only downloading applications from trusted sources, a possible solution might be that we avoid wearing our smartwatches on the arm of the hand that we usually use to carry out tasks – so all left-handed people should wear it on their right, and vice-versa. This small change could save you a lot of bother further down the line!

The post How your smartwatch could give your credit card PIN away appeared first on MediaCenter Panda Security.

Leave a Reply