By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    Webcams vs. Humans
    1 year ago
    LokiBot: If not stealing, then blackmailing
    1 year ago
    Leaking ads
    1 year ago
    Latest News
    Patchstack Alliance Bounty Program Events for December
    1 day ago
    Your Smart Coffee Maker is Brewing Up Trouble
    1 day ago
    Earn up to $10,000 for Vulnerabilities in WordPress Software
    2 days ago
    Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
    2 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Surface Pro 4 teardown: Get a closer look at the components
    1 year ago
    How to reset Windows Update components on Windows 10
    1 year ago
    Windows 11 build 22610 with new changes in Dev and Beta Channels
    1 year ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    10 months ago
    Now you can speed up any video in your browser
    10 months ago
    How to restore access to a file after EFS or view it on another computer?
    10 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    11 months ago
  • How To
    How ToShow More
    How to stop, disable, and remove any Android apps — even system ones
    16 hours ago
    Bigger, Better, Cooler in a 2U1N form factor
    Bigger, Better, Cooler in a 2U1N form factor
    2 days ago
    Vulnerability in crypto wallets created online in the early 2010s
    3 days ago
    Use Windows 11 features to inspire creativity, speed up everyday tasks
    4 days ago
    Windows brings nostalgia to the holidays with the return of Windows Ugly Sweaters, this year featuring the Bliss backdrop
    5 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    Hide your IP address from trackers in Safari
    1 year ago
    Simultaneous display of all search results in Firefox
    1 year ago
    Easter eggs about Google in DuckDuckGo
    1 year ago
    Latest News
    Change screen brightness on Windows 11
    2 days ago
    How to share Microsoft 365 Family subscription with other people
    4 days ago
    How to enable random MAC address for Wi-Fi on Windows 10
    4 days ago
    How to join Office apps to Microsoft 365 Insider Program
    4 days ago
  • Glossary
  • My Bookmarks
Reading: Experiment: How easy is it to spy on a smartwatch wearer?
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
Threats

Experiment: How easy is it to spy on a smartwatch wearer?

Tom Grant
Last updated: 13 October
Tom Grant 1 year ago
Share
7 Min Read

Can a smartwatch be used to spy on its owner? Sure, and we already know lots of ways. But here’s another: A spying app installed on a smartphone can send data from the built-in motion sensors (namely, accelerometer and gyroscope) to a remote server, and that data can be used to piece together the wearer’s actions — walking, sitting, typing, and so on.

Contents
Experiment: Can smartwatch movements reveal a password?It could be worseWho should worry about smartwatches?

How extensive is the threat in practice, and what data can really be siphoned off? We decided to investigate.

Experiment: Can smartwatch movements reveal a password?

We started with an Android-based smartwatch, wrote a no-frills app to process and transmit accelerometer data, and analyzed what we could get from this data. For more details, see our full report.

The data can indeed be used to work out if the wearer is walking or sitting. Moreover, it’s possible to dig deeper and figure out if the person is out for a stroll or changing subway trains — the accelerometer patterns differ slightly; that’s also how fitness trackers differentiate between, say, walking and cycling.

It’s also easy to see when a person is typing on a computer. But working out what they are typing is way more complex. Everyone has a specific way of typing: the ten-finger method, the one- or two-digit keyboard stab, or something in-between. Basically, different people typing the same phrase can produce very different accelerometer signals — although one person entering a password several times in a row will produce pretty similar graphs.

So, a neural network trained to recognize how a particular individual enters text could make out what that person types. And if this neural network happens to be schooled in your particular way of typing, the accelerometer data from the smartwatch on your wrist could be used to recognize a password based on your hand movements.

However, the training process would require the neural network to track you for quite a long time. The processors in modern portable gadgets are not powerful enough to run a neural network directly, so the data has to be sent to a server.

And therein lies trouble for a would-be spy: The constant upload of accelerometer readings consumes a fair bit of Internet traffic and zaps the smartwatch battery in a matter of hours (six, to be precise, in our case). Both of those telltale signs are easy to spot, alerting the wearer that something is wrong. Both, however, are easily minimized by scooping up data selectively, for example when the target arrives at work, a likely time for password entry.

In short, your smartwatch can be used to identify what you’re typing. But it’s hard, and accurate recovery relies on repeat text entry. In our experiment, we were able to recover a computer password with 96% accuracy and a PIN code entered at an ATM with 87% accuracy.

It could be worse

For cybercriminals, however, such data is not all that useful. To use it, they’d still need access to your computer or credit card. The task of determining a card number or CVC code is way trickier.

Here’s why. On returning to the workplace, first thing the smartwatch owner types is almost certainly a password to unlock their computer. That is, the accelerometer graph indicates first walking, then typing. Based on data obtained just for this brief period, it’s possible to recover the password.

But the person won’t enter a credit card number as soon as they sit down — or get up and walk away immediately after entering that data. What’s more, no one will ever enter this information several times in short succession.

To steal data-entry information from a smartwatch, attackers need predictable activity followed by data entered several times. The latter part, incidentally, is yet another reason not to use the same password for different services.

Who should worry about smartwatches?

Our research has shown that data obtained from a smartwatch acceleration sensor can be used to recover information about the wearer: movements, habits, some typed information (for example, a laptop password).

Infecting a smartwatch with data-siphoning malware that lets cybercriminals recover this information is quite straightforward. They just need to create an app (say, a trendy clockface or fitness tracker), add a function to read accelerometer data, and upload it to Google Play. In theory, such an app will pass the malware screening, since there is nothing outwardly malicious in what it does.

Should you worry about being spied on by someone using this technique? Only if that someone has a strong motivation to spy on you, specifically. The average cybercrook is after easy pickings and won’t have much to gain.

But if your computer password or route to the office is of value to someone, a smartwatch is a viable tracking tool. In this case, our advice is:

  • Take note if your smartwatch is overly traffic-hungry or the battery drains quickly.
  • Don’t give apps too many permissions. In particular, watch out for apps that want to retrieve account info and geographical coordinates. Without this data, intruders will struggle to ascertain that it’s your smartwatch they’ve infected.
  • Install a security solution on your smartphone that can help detect spyware before it starts spying.

Source: kaspersky.com

Translate this article

TAGGED: Google Play, Malware, Security, SQL injection, Threat, Threats, YouTube
Tom Grant October 13, 2022 October 7, 2022
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

How to stop, disable, and remove any Android apps — even system ones
How To 16 hours ago
Patchstack Alliance Bounty Program Events for December
Patchstack Alliance Bounty Program Events for December
Wordpress Threats 1 day ago
Your Smart Coffee Maker is Brewing Up Trouble
Threats 2 days ago
Bigger, Better, Cooler in a 2U1N form factor
Bigger, Better, Cooler in a 2U1N form factor
Apps 2 days ago
Change screen brightness on Windows 11
News 2 days ago

You Might Also Like

How To

How to stop, disable, and remove any Android apps — even system ones

16 hours ago
Patchstack Alliance Bounty Program Events for December
Wordpress Threats

Patchstack Alliance Bounty Program Events for December

1 day ago
Threats

Your Smart Coffee Maker is Brewing Up Trouble

2 days ago
Bigger, Better, Cooler in a 2U1N form factor
Apps

Bigger, Better, Cooler in a 2U1N form factor

2 days ago
Show More

Related stories

Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin
BridesMaid – neuron writes toasts For those very occasions when you need to give out a powerful
The other day Yandex pleased us with the announcement of a new Midi station – an excellent reason to listen
REMIX – remixes of pictures from neural networksCreate, share and correct works
How to download Diablo IV for free and absolutely legallyBlizzard has opened a free
Rostelecom employees were forced to abandon Android and iOS in favor of Aurora.
Previous Next

10 New Stories

Earn up to $10,000 for Vulnerabilities in WordPress Software
Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
Short-URL Services May Hide Threats
Vulnerability in crypto wallets created online in the early 2010s
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023)
Thrive Theme: Dismiss Tooltip to Privilege Escalation
Previous Next
Hot News
How to stop, disable, and remove any Android apps — even system ones
Patchstack Alliance Bounty Program Events for December
Your Smart Coffee Maker is Brewing Up Trouble
Bigger, Better, Cooler in a 2U1N form factor
Change screen brightness on Windows 11
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?