View Feed
group-icon
Coffee Room
Discuss anything here - everything that you wish to discuss with fellow engineers.
12920 Members
Join this group to post and comment.

Watch Out - Your Stolen Phone Could Reveal Your Passwords

As the day advances, the sun goes down giving a direct hint towards the upcoming future full of gadgets, instruments, alternative light sources and a generation “z” attitude that hardly makes one believe that the world has ever witnessed the darkness. Even in such a progressive society, although humans were capable to wrap the nature with an invisible cloak made of day to day innovation offspring, they could not kill their fractured conscience. An ill mentality developed on the foundation of technology has used the development to steal valuable information. Sometimes these are mere earthly products, sometimes they are valuable information and sometimes, comparing with a far-fetched analogy those are innocent lives.

A research team led by Prof. Yingying Chen from Stevens Institute of Technology has developed a data driven system from smart wearable devices which can easily reveal the ATM PINs of corresponding individuals. The press release report confirms, an algorithm in combination with data taken from embedded sensors of smart-watches, fitness trackers could decipher private PINs and passwords in one chance for more than 80% samples and in three chances for more than 90% samples and with equal percentage of accuracy.

security_image

Electrical and computer engineering Prof. Yingying Chen and four graduate students carried out the tests in Stevens labs. Prof. Chen, a multiple-time National Science Foundation (NSF) awardee, shared that it's surprising even for scientists specialising in this area. He further added that, it could be easier, than what was previously thought, for criminals to obtain secret information from our wearables by using the right techniques.

The team confirmed that smart devices, especially with a touch screen display could reveal details to any unauthorized person. According to the team an attacker needs to simply clone hand movements and track the trajectories to crack the passwords of transaction machines, electronic doors, bank vaults etc.

The team conducted a 5,000 key-entry test on three key-based security systems with 20 adults who are habitual users of smart devices from past 11 months. The system under development measures millimeter level hand movements and collected data using the accelerometers, gyroscopes and magnetometer sensors present inside a wearable. The data collected from the system were analyzed to form an estimated graph of distance and direction parameter between consecutive key strokes. Ultimately with the help of "Backward PIN-sequence Inference Algorithm", the private code could pop up in front of the spectator without any hurdle at all.

Now, the point of argument is that it is a research that has been undertaken in back-calculation format. The lead researcher further implied that the information is hack-able but it needs sophistication. There are two attacking ways, the first one being internal and another known as sniffing attacks. In the first case the sensors are accessed using a malware which waits until the receiving end has accessed the data already. Also a wireless sniffer could be placed near the key-based security systems to bypass the information.

Currently the research highlights the problem and does not give much idea about the possible solution. However the team has talked about additional noise incorporation in future which might come out as a viable option. The research was funded by National Science Foundation, United States Army Research Office and was published in ACM journal.

A paper on the new research, Friend or Foe? Your Wearable Devices Reveal Your Personal PIN, received the Best Paper Award at the ACM Conference on Information, Computer and Communications Security (ASIACCS) in Xian, China in May.

Source: ACM | Binghamton University

Share this content on your social channels -