Tuesday 22 December 2015

Wearing a smartwatch could give hackers your PIN




The little movements made by your wrists and fingers, monitored by a smartwatch, may be used to map out what you just typed. Like... your PIN.
For a small research paper, a student at IT University of Copenhagen collected movement data from a Sony SmartWatch 3 and was able to reliably decipher what was being typed on an external keypad.
Tony Beltramelli, the student who conducted the research, dubbed the concept a type of "deep-spying". He showed a user entering a numerical code and then decoded what was typed after accessing the watch's gyroscope and accelerometers.
Analysing the data using machine learning algorithms, which have been posted to GitHub, enabled patterns to be revealed from "unavoidably noisy data", the student wrote in his paper.
The master's student said this means of eavesdropping on whatever is being typed may be used to steal passwords and other credentials, social security numbers, and credit card numbers, and to read messages that are typed.
"By their very nature of being wearable, these devices, may reveal a new means of pervasive attack surface threatening users privacy, among others," Beltramelli wrote in the paper's abstract.
"The aim of this research is to raise level of awareness about the possible risks connected to motion sensors built-in wearable devices and to show possibility of abuse leveraged by advanced neural network architectures."
The student tested out the method on keypads with 12 keys, but said the machine learning behind the device revealed "above-average accuracy even when confronted with raw unprocessed data".
The results showed 73 percent accuracy for touchlogging and 59 percent for keylogging, although he said it would be "impossible" to detect what keys were pressed when a smartwatch was being worn on the hand not being used to type.
"Dramatically, these observations mean that a cyber-criminal may be able, theoretically, to eavesdrop on any device operated by the user while wearing a WAD," the paper concludes.
"Thus allowing access to highly sensitive and valuable information and possibly causing important damages."
