Because a PIN-pad is so constrained and predictable, the accelerometer in your smartwatch is able to guess with a high degree of confidence (73%) what you enter into it -- it can also serve as a general-purpose keylogger, though with less accuracy (59%), thanks to the complexity of the keyboard.
The machine learning algorithm that makes these guesses is able to generalize its findings from one PIN-pad and apply them to another, even if it has a different layout.
The implication is that any vulnerability in your smartwatch is a potential vector for attacks on your PINs.
To prove his theories in practice, Mr. Beltramelli created a smartwatch application for a Sony SmartWatch 3, which he used to record accelerometer and gyroscope sensor data.
Because of the watch's technical limitations, he wasn't able to send the data directly to a server, but to a nearby Android device (LG Nexus 4) (via Bluetooth), which then relayed it to a server for further analysis.
Using an algorithm that combined Java, Python, and Lua code, he was able to sift through all the data, eliminate noise movements, and detect patterns for various events, like when the user moves and taps his finger on a phone's touchscreen to unlock a PIN-protected phone, or when the user enters a PIN code on an ATM's keypad.
Deep-Spying [Tony Beltramelli/Github]
Deep-Spying: Spying using
Smartwatch and Deep Learning [Tony Beltramelli/IT University of Copenhagen]
Smartwatches Can Be Used to Spy on Your Card's PIN Code
An investigation by Propublica and Bayerischer Rundfunk found 187 servers hosting more than 5,000,000 patients' confidential medical records and scans (including a mix of Social Security numbers, home addresses and phone numbers, scans and images, and medical files) that were accessible by the public, "available to anyone with basic computer expertise."
Of course they announced it at the end of the day on Friday, that’s what you do with bad news.
Iowa state court officials contracted with Coalfire to conduct "penetration tests" on its security; as part of those tests, two Coalfire employees broke-and-entered the Adel, Iowa courthouse, and were caught by law-enforcement, whose bosses in Dallas County were not notified of the test.
If you’re part of the maker community, you know Make:. Though Make: magazine is off the shelves as of this year, the eBooks and resources put out by Maker Media are still a fantastic resource for the new generation of tinkerers, hackers, and robotics geeks. If you’re in that tribe, listen up: they’ve released a […]
Life isn’t getting any less hectic, and pressure cookers are a quick, healthy solution for a growing number of kitchens. But if you thought your Instant Pot was versatile, there’s a major upgrade on the market: The Yedi 9-in-1 Total Package Instant Programmable Pressure Cooker. If you’ve somehow never used a pressure cooker before, try […]
When it comes to data analytics or deep learning, there’s one language behind the apps and algorithms that power the biggest companies of today: Python. The best part about this tool is that as versatile as it is, it’s actually fairly easy to learn. But mastery? For that, you need more than just a beginners’ […]