Because a PIN-pad is so constrained and predictable, the accelerometer in your smartwatch is able to guess with a high degree of confidence (73%) what you enter into it — it can also serve as a general-purpose keylogger, though with less accuracy (59%), thanks to the complexity of the keyboard.
The machine learning algorithm that makes these guesses is able to generalize its findings from one PIN-pad and apply them to another, even if it has a different layout.
The implication is that any vulnerability in your smartwatch is a potential vector for attacks on your PINs.
To prove his theories in practice, Mr. Beltramelli created a smartwatch application for a Sony SmartWatch 3, which he used to record accelerometer and gyroscope sensor data.
Because of the watch's technical limitations, he wasn't able to send the data directly to a server, but to a nearby Android device (LG Nexus 4) (via Bluetooth), which then relayed it to a server for further analysis.
Using an algorithm that combined Java, Python, and Lua code, he was able to sift through all the data, eliminate noise movements, and detect patterns for various events, like when the user moves and taps his finger on a phone's touchscreen to unlock a PIN-protected phone, or when the user enters a PIN code on an ATM's keypad.
Deep-Spying [Tony Beltramelli/Github]
Deep-Spying: Spying using
Smartwatch and Deep Learning [Tony Beltramelli/IT University of Copenhagen]
Smartwatches Can Be Used to Spy on Your Card's PIN Code
[Catalin Cimpanu/Softpedia]
(via /.)
