Smartwatches are packed full of sensors to help you track fitness, heart rate, location and more, but these very sensors can also put you at risk.
Computer scientists have developed an app that sits on the watches and captures data from these motion sensors as the wearer types on a keyboard.
These movements are then sent to a ‘hacker’ who determines which keys are being pressed and in what order, potentially revealing banking passwords, login details and private emails.
Computer scientists have developed an app that sits on smartwatches and captures data from motion sensors as the wearer types on a keyboard (pictured). These movements are sent to a ‘hacker’ who determines which keys are being pressed and in what order, potentially revealing passwords and login details
The ‘attack system’ was created by Associate professor Romit Roy Choudhury and his team at the University of Illinois.
It has been called Motion Leaks through Smartwatch Sensors, or MoLe, and was demonstrated using a Samsung Gear Live watch.
The researchers began by typing while wearing the watch, with the app installed, and tracking keystrokes.
READING MESSAGES ON WATCHES
Last year, a video revealed just how easy it is to read messages sent to a smartwatch running Google’s Android software.
For the proof-of-concept, a Nexus 4 Android device equipped with Android L Developer Preview and Samsung Gear Live were used.
Using special software the team was able to ‘brute force’ a six digit passcode used to link the phone to the watch – and then read messages sent to it.
Each movement was then assigned to a key using a Keystroke Detection module, which analysed the timing of each keystroke and the displacement of the watch.
For example, the left wrist moves farther to type a ‘T’ than an ‘F.’
‘Sensor data from wearable devices will clearly be a double-edged sword,’ said Associate professor Roy Choudhury.
‘While the device’s contact to the human body will offer invaluable insights into human health and context, it will also make way for deeper violation into human privacy.
‘The core challenge is in characterising what can or cannot be inferred from sensor data and the MoLe project is one example along this direction.’
A possible solution to these motion leaks would be to lower the sample rate of the sensors in the watch, said He Wang, a PhD student on Associate professor Choudhury’s team.