Loose wrists shake chips: Your wrist-job could be a PIN-snitch Chinese scientists have brewed a way to steal -- with 80 percent accuracy -- automatic teller machine PINs by infecting wearable devices. Five university boffins demonstrated the trick in a laboratory, finding even the slight hand movements a person makes while entering PINs can be captured through infected smart watches. The …
Unfortunately I am one of those strange people who do this. I am right handed but my left wrist is irritated by watch wearing.It has to be on the right wrist or in my pocket.
I'm OK though as my watch is so smart that it doesn't have movement sensors built in that could splurge my PIN info. I accept that it only tells the time, but for a watch bought in Dixons in 1983 and which uses one tiny battery a year that's not too bad.
I'm with you, right handed but wear my watch on that hand since a kid when I bust my wrist.
Not worried though as like you I own no smart wtach, can't see how it could get infected and fail to believe they could then clone my card / steal it. Easier to mug me for the watch I'm wearing to be honest
Interesting exercise nonetheless.
I wonder if the same technique can also detect when just the fingers move and knows which finger moved. If they can also detect finger-only movement, then I'd call that pretty sensitive. And adding noise to the device would make it less desirable since some people insist on more accuracy.
It isn't really "finger only movement", because your fingers are controlled puppet-like by "tendons" that are run through your wrist.to connect to muscles in your forearm. Grip right wrist with left hand and move the right hand fingers (other the other way around), and you'll feel things moving in there.
But is the watch sensitive enough to detect those subtle movements? From what I've read, I don't think so; the movement against the watch is too slight. It sounds more like it's trying to read the movement of your hand as you one-finger the PIN, but many of us don't use one finger to punch in their pin. Plus, as others have noted, most of us wear our watches on our non-dominant hand while our dominant hand actually punches in the PIN.
What watched/wearables are at most risk of being hacked like this?
Well, apart from the idiot user who seems to want to download all sorts of crap from all over the internet.
do the really claim to be able to differentiate between a single finger pin input and a multi finger one?
coz, I use three fingers to enter my pin. I also drag my fingers over other keys so as to not leave clear fingerprints behind.
So in a clean lab environment this might be possible but in the real world? would it be as successful?
Lets face it, life is a risk.
If they did such a modern version of Psion 5MX at a reasonable price, I'd buy one or two in a heartbeat.
I suspect it wouldn't run on two AAs anymore and battery life would be bit worse. Although perhaps if it used ACeP it might not be too awful.
So...
They load a monitor app onto my smart watch.
They retrieve my PIN using a clever algorithm.
Don't they still have to beat me over the head to get my card?
I'm sure I can come up with an easier way to generate 10,000 four digit PINs that aren't related to any specific individual (that relation only exists when you nab the card).
"Attackers can reproduce the trajectories of the user's hand then recover secret key entries to ATM cash machines, electronic door locks and keypad-controlled enterprise servers."
I wonder if they could work out what a watch wearer was doing, given the output like this:
101010101020202020202020303030303030306060606060606080808080909090909090909090909095908090909090909090909090909090909090909090909090
For the simple fact that I stopped wearing watches ever since I got a cellphone which also displayed the time. And I should have done this much sooner too in my opinion. No weight on your wrists, no risk of it getting stuck somewhere (this is especially true when repairing / working on computers) and it also doesn't leave tan marks.
No more watches for me :)
So every time you have to look up the time you have to take your phone out of whatever pouch you keep it in and turn it on to see the time...
I thought the idea of a wrist watch was that you could glance at the time with a quick look without having to take anything out of your pockets...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
