The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Could wearing a fitness tracker or smartwatch make it easier for scammers to exploit your private PIN? That’s the conclusion of a shocking new study released this month.
In the paper, “Friend or Foe?: Your Wearable Devices Reveal Your Personal Pin,” researchers from Binghamton University and the Stevens Institute of Technology describe how, with the help of a computer algorithm, they used data collected by these devices to crack passwords, which they managed to do with 80% accuracy on the first try and more than 90% accuracy after three tries.
Over 11 months, the researchers performed 5,000 key-entry tests on three key-based security systems, including an ATM, while 20 adults wore a variety of devices, such as activity trackers and smartwatches.
Typically, a hacker would need to install a video camera or fake keypad in order to uncover personal information, the researchers wrote.
However, they found wearable devices “can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, which enable attackers to reproduce the trajectories of the user’s hand and further to recover the secret key entries.” Put in layman’s terms: The hackers could record information about your hand movements to reproduce the seemingly-secret entries.
The researchers added, “our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes and magnetometers, to derive the moving distance of the user’s hand between consecutive key entries regardless of the pose of the hand.” So, infecting your device with malware or intercepting the Bluetooth connection that syncs your watch to your phone wouldn’t be much of a stretch.
Though it’s too soon to tell how this will impact everyday wearers — manufacturers have yet to respond to the study — it’s yet another reason to be vigilant about how and where you share your finances, especially online. Short of using your device-free hand to code in any passwords, it’s a good idea to follow best online safety practices, which include only shopping on encrypted sites, avoiding clicking on phony emails and doing your best to keep your passwords to yourself.
It’s also a good idea to keep an eye on your accounts for common signs of fraud. This can include unfamiliar addresses, sudden drops in your credit score and mysterious accounts opening up in your name. (You can view two of your free credit scores, updated every 14 days, on Credit.com.)
Image: AleksandarNakic
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams